The General Data Protection Regulation ( GDPR )
The EU’s General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and specifies how consumer data should be used and protected.
What is GDPR?
GDPR is short for General Data Protection Regulation. GDPR defines how the data of EU residents must be handled. It was first officially adopted by the European Parliament in April 2016 and became enforceable throughout the EU in May 2018. It applies to everyone, to all businesses and organisations, involved in processing data about individuals in the context of selling goods and services to citizens in the EU, to those monitoring the behaviour of EU citizens, or to those processing personal data, regardless of whether the organisation is located within the EU.
Who does GDPR apply to?
GDPR applies to organisations of all sizes: to anyone who offers products or services to consumers in Europe, and also to organisations that host in the EU (regardless of the user or the user’s location).
Confidentiality of the information
Sensitive customer personal information held by businesses poses a significant risk if stolen and abused. Your personal data includes social media data, photos, name, address, email and more.
What are the GDPR requirements?
Right To Be Forgotten (Erased)
When data is no longer relevant to its original purpose, data subjects can require the data controller to erase their personal data and cease its dissemination.
Consent is king. Organisations cannot use data without clear consent. In obtaining consent for data use, companies cannot use indecipherable terms and conditions filled with legalese. It must be as easy to withdraw consent as it is to give it.
Right To Access
Data subjects have the right to obtain confirmation from the data controller of whether their personal data are being processed. The data controller should provide an electronic copy of the personal data to data subjects free of charge.
Data Breach Notification
In the event of a data breach, data processors must notify their controllers and customers of any risk within 72 hours.
Data must be portable via open and popular file formats. This allows individuals to obtain and reuse their personal data for their own purposes by transferring it across different IT environments.
Data Protection Officers (DPO)
Organisations of all sizes need to appoint data protection officers.
Professionally qualified officers must be appointed in public authorities, or in organisations that engage in large-scale (>250 employees) systematic monitoring or processing of sensitive personal data.
Privacy By Design (Data Protection)
This calls for the inclusion of data protection from the outset of designing systems, implementing appropriate technical and infrastructural measures. Minimise exposure: share only what you need to.
GDPR is too important to ignore!
Everyone should care about GDPR. It is 88 pages and fifty thousand words long and will have a dramatic effect on the way that organisations handle data.
Impact of GDPR on business:
Data must only be used for the purpose it was collected for. GDPR limits how data is collected, used and shared. The impact includes: restrictions on commercial data use; compliance spending; inspiring trust and confidence; and safeguarding consumers’ data security rights.
GDPR penalties run up to 20m euro or higher. This is a very different scale of penalty than has ever been applied previously.
Take action today
It is essential to make GDPR manageable: begin planning your GDPR compliance and put in place the right tools and processes. Conduct a full data audit. Do a gap analysis and review processes and data workflows. Security processes must be thoroughly reviewed.
Rethink data management approaches in order to stay compliant and avoid massive new fines and bad publicity.
Plan and be proactive.