With 99 articles and 173 recitals to absorb, it takes time to understand what GDPR means for your organization, develop a plan, and put processes in place to ensure compliance.
The General Data Protection Regulation (GDPR) has applied since May 25, 2018, and its impact on companies with European operations is huge. It applies to all businesses established in the EU, as well as to those outside the region that offer goods or services to, or monitor the behavior of, people in the EU.
Since ever more information is collected and stored electronically, regulators have mandated that companies protect this information against breaches.
Every company’s journey to GDPR is unique, but we can learn from each other.
Ultimately you have to show regulators good faith and keep moving your company's processes forward to improve your data protection posture. Doing this diligently lowers the risk of a fine, and the measures you took are taken into account when a penalty is set, but it does not guarantee that you will avoid one.
Failure to comply with GDPR can expose your organization to a penalty of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher. Preparing for GDPR, and making sure your data architecture is compliant with the regulation, is of utmost importance.
The graphic referenced here (not reproduced in this text) shows how EU sanctions under GDPR usually work.
Preparing for GDPR’s privacy guidelines
When preparing for GDPR, it’s important to keep in mind the privacy guidelines it outlines:
- The customer (the "data subject") has the right to be forgotten, i.e. to have their personal data erased.
- The customer has the right to data portability across service providers.
- The customer has the right to accountability and redress.
- The customer has the right to request proof that they opted in; the burden of demonstrating that consent was given lies with you, not with them.
- The customer is entitled to rectification of errors.
- The customer has the right to an explanation of automated decision-making that relates to their profile.
It’s also important to remember that preparing for GDPR isn’t just for the marketing department; all lines of business must comply with GDPR, so a holistic approach to data governance and data privacy is required in order to satisfy GDPR requirements.
RECOMMENDATION
Take the following approach to improve your odds of GDPR compliance success:
1. In approaching GDPR, the first step is to create a data inventory that records where data is stored and why you are collecting or processing it. Think about all the data that comes into and goes out of your business; this might not be as easy as you think.
2. Categorize the data into personal data, non-personal data, and special category data. In doing so, it is important to know how the European Union (EU) defines personal data. Its definition is broad: it includes online identifiers such as IP addresses and cookie IDs, as well as location data, not just names and e-mail addresses.
3. Keep the data inventory process simple and remember to update the inventory continuously. You can only meet GDPR's 72-hour breach notification expectation if you already know what data a breached system holds and whose it is.
4. Compile a risk register to understand what assets and vulnerabilities exist. Work with third-party experts (legal and risk management) to create a gap analysis of the security and legal controls needed to minimize risk.
5. For high-risk processing, conduct a Data Protection Impact Assessment (DPIA) to help you find and fix problems before the processing starts. Your Supervisory Authority publishes a list of the kinds of processing operations that require a DPIA.
6. Consult a law firm to determine whether you need a Data Protection Officer (mandatory for public authorities and for organizations whose core activities involve large-scale monitoring of individuals or large-scale processing of special category data) to manage data audits, train employees and act as the point of contact for European regulators.
7. Expect that some individuals ("data subjects") will invoke their right to be forgotten with various companies. Your company must act on those requests without undue delay and normally within one month, or the individual can file a complaint with the Supervisory Authority.
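The inventory and classification steps above (1 to 3, 5 and 7) can be kept honest by treating the inventory as data and checking it with a script. The following is an added example written for this page, not code from the original article or from Luminis. The field-name lists, the 10,000-record "large scale" threshold and the sample inventory are constructed assumptions for illustration, not legal definitions; your DPO or counsel decides the real taxonomy.

```python
"""Data inventory as code: classify datasets, flag gaps, route erasure
requests, and compute the 72-hour breach notification deadline (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Illustrative assumption: which inventory field names count as personal data
# (GDPR Art. 4(1), which covers online identifiers such as IP addresses and
# cookie IDs) and which fall into the special categories of Art. 9.
PERSONAL_FIELDS = {
    "name", "email", "phone", "postal_address", "date_of_birth",
    "ip_address", "cookie_id", "device_id", "location", "employee_id",
}
SPECIAL_FIELDS = {
    "health_condition", "ethnicity", "religion", "political_opinion",
    "sexual_orientation", "biometric_template", "genetic_data",
    "trade_union_membership",
}

# Rough threshold for "large scale" processing, one of the criteria that makes
# a DPIA mandatory. The number is an assumption; the regulation fixes none.
LARGE_SCALE_RECORDS = 10_000


@dataclass
class Dataset:
    name: str
    system: str          # where the data is stored
    purpose: str         # why it is collected/processed
    lawful_basis: str    # e.g. "consent", "contract", "legitimate_interest"
    fields: list[str]
    record_count: int


def classify_field(field_name: str) -> str:
    """Return 'special', 'personal' or 'non_personal' for one field."""
    if field_name in SPECIAL_FIELDS:
        return "special"
    if field_name in PERSONAL_FIELDS:
        return "personal"
    return "non_personal"


def classify_dataset(ds: Dataset) -> str:
    """A dataset takes the most sensitive category of any field it holds."""
    levels = {classify_field(f) for f in ds.fields}
    for level in ("special", "personal"):
        if level in levels:
            return level
    return "non_personal"


def inventory_findings(datasets: list[Dataset]) -> list[tuple[str, str]]:
    """Gaps a reviewer would raise against each inventory entry."""
    findings = []
    for ds in datasets:
        level = classify_dataset(ds)
        if not ds.purpose.strip():
            findings.append((ds.name, "purpose of processing not recorded"))
        if level != "non_personal" and not ds.lawful_basis.strip():
            findings.append((ds.name, "no lawful basis recorded for personal data"))
        if level == "special" and ds.record_count >= LARGE_SCALE_RECORDS:
            findings.append((ds.name, "DPIA required: large-scale special category data"))
    return findings


def systems_holding_personal_data(datasets: list[Dataset]) -> list[str]:
    """Systems an erasure (right to be forgotten) request must be routed to."""
    return sorted({ds.system for ds in datasets if classify_dataset(ds) != "non_personal"})


def breach_notification_deadline(aware_at: datetime) -> datetime:
    """Art. 33: notify the supervisory authority within 72 hours of becoming
    aware of a personal data breach. Returns the latest acceptable time."""
    return aware_at + timedelta(hours=72)


# Constructed sample inventory (fictional systems and counts).
INVENTORY = [
    Dataset("web_analytics", "clickhouse", "site usage analytics", "legitimate_interest",
            ["ip_address", "cookie_id", "page_url"], 500_000),
    Dataset("crm_contacts", "salesforce", "customer support", "contract",
            ["name", "email", "phone"], 20_000),
    Dataset("wellness_survey", "s3://hr-wellness", "", "consent",
            ["employee_id", "health_condition"], 12_000),
    Dataset("product_catalog", "postgres", "catalogue publishing", "",
            ["sku", "price"], 3_000),
]
SAMPLE_AWARE_AT = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed

if __name__ == "__main__":
    for ds in INVENTORY:
        print(f"{ds.name:16s} {classify_dataset(ds)}")
    for name, issue in inventory_findings(INVENTORY):
        print(f"FINDING {name}: {issue}")
    print("erasure targets:", systems_holding_personal_data(INVENTORY))
    print("notify by:", breach_notification_deadline(SAMPLE_AWARE_AT).isoformat())
```

Run on the sample inventory, the script classifies the analytics store as personal data purely because of the IP address and cookie ID, raises two findings against the wellness survey (no recorded purpose, and a DPIA is needed for large-scale health data), and lists the three systems an erasure request has to reach. The product catalogue carries no lawful basis and produces no finding, because it holds no personal data.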
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...