Know About the General Data Protection Regulation Before Your Company Gets a Data Breach Notice
Published March 16, 2018 | Posted by Admin | Reading time: 4 minutes
The General Data Protection Regulation (GDPR) takes effect on May 25, 2018. Its reach is extraterritorial: it applies to organizations anywhere in the world that handle the personal data of individuals in the European Union, not only to companies based there.
The GDPR raises the bar well above the national laws that implemented the 1995 Directive, such as the UK's Data Protection Act 1998, and non-compliant companies face serious consequences for violating data privacy. The Information Security Forum (ISF) considers it the biggest wave of global privacy law in decades, one that forces companies to take serious note. Here is what companies operating in Europe need to take into account.
What is the GDPR?
The GDPR was adopted by the European Parliament in 2016 to replace the Data Protection Directive (95/46/EC), which had been in force since 1995. It binds any company, wherever it is based, that processes the personal data of people in the EU. From May 2018 consumers gain a new set of data protection rights, while companies must reconfigure their security and data-handling practices to comply.
Why is the GDPR important?
Rising public concern over data protection is the main reason the GDPR was put forward. Europe's 1995 Directive was among the strongest data protection laws of its time, but as the years passed it became outdated and failed to address many of the ways data is processed today.
With the rising number of data breaches, the public is losing trust in companies that handle and transfer personal data. According to several surveys, consumers across European countries have had banking details, identity information and credentials exposed in breaches. Other reports show that consumers deliberately supply false information when signing up for online services because they expect their data to be misused. This lack of trust, combined with the rising rate of high-profile breaches, undermines online business. The GDPR therefore imposes strong data protection requirements that force companies to be more transparent and stricter in protecting consumer data.
Types of data the GDPR covers:
- Identity information: name, address and ID numbers
- Banking or financial information
- Security information: passwords, one-time passwords (OTPs)
- Biometric data
- Political opinions
- Sexual orientation
- Web-related data: IP addresses, cookies, location
- Genetic and health data
- Ethnic or racial origin
Note that several of these (biometric and genetic data, health data, political opinions, sexual orientation, ethnic or racial origin) are "special categories" of personal data under the GDPR and may be processed only under narrower conditions than ordinary personal data.
Who is responsible for GDPR compliance within my company?
To make data protection oversight organized and accountable, the GDPR defines a few roles responsible for ensuring compliance:
- Data controller: The organization that determines the purposes and means of processing personal data. It is responsible for lawful processing and for ensuring that any outside contractors processing data on its behalf follow the rules.
- Data processor: Any party that processes personal data on behalf of the controller, for example a cloud service provider. The GDPR places direct obligations on processors, so in the event of a breach both the company and its processing partner can be held responsible.
- Data protection officer (DPO): Responsible for monitoring GDPR compliance, advising on the data protection strategy and serving as the contact point for the supervisory authority.
Consequences for non-compliant companies:
If preparing for GDPR compliance can cost as much as $1 million to $10 million, infringing the law costs far more: fines can reach €20 million or 4 percent of global annual turnover, whichever is higher. Surveys show that 52 percent of companies believe they may be fined for non-compliance, and it has been estimated that the EU could collect as much as $6 billion in fines if penalties are enforced.
The deadline is May 25, 2018. After that, if an organization is found to be non-compliant, supervisory authorities may use a range of corrective powers: issuing warnings or reprimands, ordering the organization to bring its processing into compliance, and, in extreme cases, imposing a temporary or definitive ban on processing or ordering the organization to inform affected individuals of a data breach. Note also that controllers must report a personal data breach to their supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it.
The time is NOW; start preparing:
Create a sense of urgency: Time is running out, and creating a sense of urgency is the first consideration. Start by mapping your existing global data protection standards against the GDPR's requirements and identifying the gaps.
Risk assessment: A risk assessment means knowing exactly what data you hold on EU individuals, where it lives, and what risks surround it. It should also set out the measures that address those risks. A key part of this process is uncovering shadow IT: systems adopted outside of IT's oversight that have been storing personal data for a long time. Shadow IT carries a higher risk of non-compliance because nobody is accountable for the data it holds.
According to the chairman of Snow Software, more than 39,000 applications hold personal data, yet only about 10 percent of them are visible to the organization; the rest operate under the radar. Without a comprehensive view of their IT estate, companies cannot oversee the applications that may be causing massive GDPR violations.
Involve your team: Results are always better when everyone takes part, and IT alone cannot carry the preparation. Involve your marketing, finance and sales teams and everyone who works with data on a daily basis. With them you will get a detailed picture of the different data you have been storing.
Appoint a DPO: While you and your team are inventorying data, the DPO oversees the structure designed to achieve compliance. The GDPR allows the DPO to be an external party under a service contract, and a single DPO may serve several organizations, so you can also engage a virtual DPO service to review your data protection plan.
Check data collected through mobile apps: Almost 81 percent of survey respondents use a mobile device to access online services. Any app that has access to sensitive personal information (SPI) brings its operator within the scope of the GDPR, so those apps and the data they collect must be covered by your compliance work.
For smaller organizations: Smaller organizations must also comply with the GDPR. They may not have the budget to meet every requirement in-house, but they can seek outside resources and technical help to minimize the risk.
Improve your business for a better future:
Many business owners say that complying with the GDPR will help them sustain their position in the market with a clear and trustworthy image, boosting the confidence of their customers.