The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.
The General Data Protection Regulation (GDPR) is just days away, and its implementation has raised significant questions for any company in the world that stores or processes data of people who live in the European Union (EU). The regulation was approved by the EU Parliament and will apply from May 25 globally. The GDPR imposes strict rules, and companies that are not in compliance will be penalized severely.
The new data protection law has raised worries and concerns among companies about whether they are ready for GDPR and its implications for their businesses.
Why so much uproar?
The new regulation imposed by the EU is the result of a longstanding debate over privacy and the safeguarding of personal data held by companies that store the personal history of EU citizens, after episodes of misuse of private data came into the limelight.
“One of the major changes GDPR will bring is providing consumers with extended rights to manage their personal data, right to know about its usage and right to be forgotten”
This stricter level of oversight of personal data is unique and will require companies to guarantee the highest levels of privacy protection or face dire financial consequences. The regulation safeguards EU citizens beyond the borders of the EU, which means that any company, anywhere, that has a database that includes EU citizens is bound by its rules. Businesses of all sizes are affected, from micro to multinational.
Sneak peek: Compared with the American laws and regulations (the Guidelines adopted in September 1980, which in turn were based on the Protection of Privacy and Transborder Flows of Personal Data), which tend to favour business over the consumer, the EU has promoted a consumer-centric point of view; that guidance was agreed between the EU member states and the US through a ‘Safe Harbor’ agreement that restricts the disclosure of consumer information.
Implications for your organization:
Any company that falls within its scope should familiarize itself with the provisions of the GDPR and make changes early to avoid hassles that might impact the organization. Since the Information Commissioner’s Office (ICO) is working closely with trade associations and representatives of various industries, these entities will become an important resource for companies in each industry to help navigate the GDPR changes that are critical to them.
According to the survey, a matter of concern is that 61 percent of companies have not started implementation of GDPR. – iapp.org
Basically, GDPR protects user data and operates with the understanding that data collection and processing are the basic means of running a business; it protects that data at every step of the way while giving the consumer the ultimate say over what happens to it.
To be GDPR-compliant, a company must handle consumer data considerately and provide consumers with ways to control, monitor, check and delete it on demand. Companies must follow processes that ensure that when data is handled, it remains protected.
According to GDPR, companies must ensure that customers have control over their data by including safeguards to protect their rights. At its core, the protections concern processes and communications that are clear and concise and are carried out with the explicit and affirmative consent of the data subjects.
GDPR Key Changes:
According to the changes, the company should assign a team the responsibility of reading the provisions to become familiar with the requirements and how they pertain to your specific circumstances.
A few key changes:
- Regardless of where your company is located and processes data, you are still required to comply with the regulation.
- Penalties for non-compliance apply to controllers and processors, and a breach of the regulation can cost a maximum fine of 4% of annual turnover or up to 20 million pounds, whichever is greater.
- There are new strict parameters for obtaining consent to use data, which require an intelligible and easily accessible form that uses clear and easy-to-understand language. Withdrawing consent must be equally easy.
- Breach notification must be made within 72 hours of becoming aware of the breach.
- The right to be forgotten allows individuals to request that their personal data be erased, that dissemination of the data stop, and that third parties halt processing of the data.
- The GDPR allows the individual to request and receive their personal data and transmit it to another data controller.
- Although the privacy by design principle has existed for years, the GDPR makes it a legal requirement that data protection be considered when designing a system, not as an addition or afterthought.
A new job, Data Protection Officer (DPO):
- Assess the requirements of GDPR to understand their implications for your company and keep senior management updated about possible changes; the earlier implementation begins across departments and everyone is on board, the better.
- Keep an audit ready of the personal data you hold, where it was sourced and who you share it with. The regulation requires you to record your processing activities and to have effective policies and procedures in place.
- It is most important to update how you communicate with customers and use any personal data in compliance with GDPR. As a safeguard, your privacy notice needs to set out the legal grounds for processing personal data.
- If the company already maintains safeguards, it should verify that they comply with the new laws to be sure all is covered. Also, the data portability component is new, so consider how your systems would handle an individual’s request to get their data in a commonly used and machine-readable form.
- Make sure to accommodate the new guidelines for dealing with data access requests.
- The regulation also emphasizes special protections for children’s data; it is important to accurately verify ages and obtain parental or guardian consent for children before processing their data.
- Make your company aware of how to handle a data breach in your organization. It is important to reconsider your process and align it with the GDPR.
There has been some confusion and an overwhelming response from company leaders around these new regulations. The sooner you get your arms around the specific details that will impact your organization, the better off you will be.
Alert Logic, a provider of security-as-a-service solutions for the cloud, has announced the results of a survey of 200 European-based companies on the readiness of their GDPR preparations:
- While an overwhelming majority of surveyed EU companies are familiar with the EU GDPR regulations, only about a third (33%) state that they are compliant or well on the way to compliance.
- About a third of EU-based companies (32%) expect substantial changes to their company’s security practices and technologies in order to become compliant with EU GDPR policies.
- The biggest challenge in becoming GDPR compliant is lack of budget (50%), closely followed by lack of expertise (48%) and limited understanding of GDPR regulations (37%).
- Among the many articles of GDPR, EU companies are most concerned about “Data protection by design and by default”, likely because it implies significant system re-design and investment in data protection controls and processes.
- Only 5% of EU companies believe they are in compliance with all applicable GDPR requirements today. 27% are not confident they will meet the deadline.
There is not much more to say: there were regulations before, and there are regulations now. What matters is how an organization follows the compliance requirements and how seriously it follows the standards and safeguards. Personal data is meant for validation rather than monetization. The digital economy changes and threatens the way individuals and organizations compete with each other. Let us see what this regulation brings to consumers.