Are You Prepared for GDPR?

Is your data being protected?

Are you protecting the data of employees and customers?

Effective May 2018, a new regulation governs data privacy and how personal data is accessed, collected, handled and used. That regulation is known as the General Data Protection Regulation (GDPR), and it will require a comprehensive evaluation of how personal data is managed and protected. GDPR will force organizations to keep privacy top of mind.

What is GDPR?

The European Union (EU) passed a law to regulate data protection for all EU residents. It is possibly the strictest law in history that has been passed to protect personal data. Regulations under GDPR cover an expansive view and definition of personal data and the processing and handling of personal data.

How is personal data defined?

Under the new regulation, personal data can be any form of information used to identify an individual. That information can range from email addresses and IP addresses to social media feeds and phone numbers. When thinking about personal data with regard to GDPR, the safest bet is to determine whether or not the information on file can be used to connect back to an individual. If so, that data is now classified as personal and protected data.

What does the regulation mean for organizations?

GDPR gives individuals more control over, and a clearer understanding of, how their personal information is being used, captured, tracked and handled. The extended definition of personal data means that the rights of individuals have also been extended.

The regulation also means that organizations that come into contact with the personal data of EU residents must establish clear data protection policies and procedures to remain GDPR compliant. Organizations that process and collect personal data from EU residents will now be held to a higher standard of accountability when it comes to privacy.

Who does GDPR impact?

Whether your business is run from the EU or not, GDPR is likely to impact your organization. All organizations that perform business or serve customers within the EU must comply with GDPR. There is a chance that your organization will come into contact with the data of EU residents at some point, so understanding the parameters around GDPR is vital to your business. If your organization only does business inside the U.S., GDPR will not impact you. But there is a chance that the law will expand across borders, so it is worth taking the time to understand GDPR and its implications now.

Why is GDPR being implemented when privacy laws already exist?

The volume of data today is growing exponentially, which forces us to reconsider how data itself is classified. GDPR brings new regulations to account for the new ways in which personal data can be accessed and used. Along with the law, GDPR also brings significantly higher fines for violating personal data privacy. The penalties for non-compliance allow the EU to impose fines of up to four percent of a company’s global annual revenue when the handling of personal data violates the regulation.

How should you respond to GDPR?

Start the conversation internally with your IT and legal teams, both of which will be critical in creating a plan of compliance for GDPR. It’s also important to conduct a data evaluation. Analyze the data you have and outline how that data is being handled by your organization. By understanding the complete picture of the data your organization touches, you can then begin to formulate a plan that ensures you meet the new privacy requirements.

Still have more questions?

Most likely. And that’s not a bad thing. GDPR is new and complex. It is forcing businesses to redefine and reevaluate how personal information is collected, stored and handled. Formulating a plan to ensure privacy is vital to the health of all organizations. No industry is exempt from the risk of information being compromised.

Stay connected with us over the coming weeks. We will share more information about GDPR. You can expect to learn about the role your IT team plays in GDPR compliance, and how you can begin to build a privacy culture within your organization.