The world seems to be abuzz about GDPR. If you’re not buzzing – you’re not in the know. People want to know what it is, who has to deal with it, when they have to take action, and where they can turn for help. Simply put, GDPR is the European Union’s (EU) latest attempt to ensure that it can control data protection for all individuals within the EU. GDPR stands for the General Data Protection Regulation 2016/679; it was adopted by the European Parliament on April 14, 2016, and becomes enforceable on May 25, 2018. It is the most important privacy change in the last 20 years. If you offer goods and services in Europe, or have European employees, partners, or suppliers, you’ll need to comply with some form of GDPR.
So, what does ‘comply’ mean? For entities (people and companies) that you deal with from Europe, it means that you’ll need to be transparent with them about the data you collect, why you collect it, and what you intend to do with it. Also, before you collect their data you’ll need to get their permission to use it (explicit consent). You’ll need to keep it only for as long as you need it and protect it while you have it. If something happens to the data (it’s lost, stolen, or corrupted) you’ll need to tell the person whose data was affected and the authorities (the Supervisory Authority in Europe). It’s a really good idea to encrypt the data and, if you can, to anonymize it, which means removing the identifiable information. If a European citizen asks you what data you are storing or processing about them, you’ll need to tell them, and if they ask you to delete their data, you’ll need to do that too. There are also some additional record-keeping functions, like data mapping and Data Protection Impact Assessments (DPIA), which you will need to perform regularly and keep up to date. Plus, there are financial penalties if you don’t ‘comply.’
Not all of this is bad. In fact, it might actually be good news, as companies will need to review their practices and programs in order to determine exactly what data they are collecting and why they are collecting it. These efforts alone will increase their maturity in data handling and system design. As data breaches become more common, these improved processes can only be a good thing: the companies we entrust with our information have to follow stricter rules.
If you would like more information about GDPR, need help understanding the complexity of compliance, or want help realizing the benefits of GDPR or converting your GDPR project into a real Privacy Strategy, please contact us at American Cyber Security Management today.
*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts. Our Privacy specialists can help you make sense of and comply with GDPR.