The introduction of the internet has changed our lives greatly. From communication to routine daily tasks, everything has evolved dramatically. We all use one online platform or another to pay our bills, purchase goods, send messages and emails, and so on. All of these activities require us to enter personal details, and we do so without hesitation.
Have we ever given a second thought to sharing personal information such as bank details, contacts, addresses and social media posts online? Have we ever considered what happens to that information?
Companies collect such information from us in the name of providing better services to customers. Still, there is ambiguity about how the collected information is used. What do those companies use the data for?
The European Union has addressed this topic with the introduction of GDPR, a new European privacy regulation. It will be enforced from May 2018 and is going to change the way data is collected, stored and used.
What is GDPR?
GDPR is the abbreviated form of General Data Protection Regulation. It is a regulation designed by the European Parliament, the Council of the European Union and the European Commission, intended to strengthen and unify data protection for all individuals within the European Union.
In other words, it will give citizens control over their personal data. It will also ease the regulatory environment for international businesses. This regulation will have a significant impact on businesses in the years to come.
A recent study conducted by Dell and Dimension Research surveyed some 800 IT and business professionals responsible for the data protection of European customers.
It found that 80% of businesses don’t know about GDPR or know only a few details about it.
Worse still, 97% of companies have no plan in place, even though hardly 2 months remain before GDPR rolls out in May 2018.
In this post we would like to outline the major impact GDPR will have on businesses and the preparation that should be done to streamline business processes without hassle.
Impact of GDPR on Businesses
This new regulation applies to all businesses and organizations established in the European Union, irrespective of where the data processing takes place. In other words, it also applies to businesses whose data processing happens outside the EU. For instance, if a business offers goods and/or services to residents of the EU, it is subject to GDPR. Further, if data processing is frequent or the data is sensitive, tougher obligations are placed on that business.
Businesses operating in multiple European Union member states will now deal with only one DPA (Data Protection Authority), which will act as the lead authority.
Whenever there is a data breach, the Data Protection Authority has to be notified within 72 hours.
Organizations or companies that extensively process personal data will have to appoint a data protection officer (or controller) who will be responsible for GDPR compliance. There are stringent penalties for non-compliance with GDPR: 4% of annual global revenue or 20 million Euros, whichever is higher.
Many companies may still be of the opinion that GDPR is only an IT issue, but the truth is that it has sweeping implications for the whole company.
Have you prepared your business for GDPR roll-out?
You now have a glimpse of what GDPR is and how it will impact businesses and their processes. We presume you have a basic understanding of this new regulation due in May 2018. Let us now explore how you or your business can prepare before GDPR kicks off.
Before proceeding, we would like you to understand the scope of this regulation.
GDPR applies to businesses and organizations based both inside and outside the European Union.
GDPR legislation incorporates the concept of privacy by design. This concept has existed for many years, but GDPR now makes it a legally required key component. Privacy by design requires organizations to take care of data privacy from the very beginning of system design, rather than adding it as an afterthought.
There are several things a company has to do in order to be GDPR compliant. We are providing a few steps so that you can start with GDPR and be prepared before its onset in May 2018.
1. Secure your company’s data:
Start mapping your company’s data and document where it comes from. Identify the location of your data and who can access it, and check whether there is any risk to it. Also, make a note of what you have to do with the data so that your company is well prepared before May 2018.
2. Filter your data:
It is advisable not to keep information that is not required. GDPR will require personal data to be treated in a disciplined and consistent manner. If your company or organization collects more information than required, it will have a negative impact on your business. The following questions will help you in the cleanup process and help you avoid storing data unnecessarily:
- Is the data we are archiving actually required?
- What is the objective behind storing large volumes of personal data?
- What are the financial gains of encrypting and storing the data?
3. Put security checks across each level:
Be alert to any data breach. Develop and implement security checks at each level of your infrastructure. Further, implement a process that helps you take immediate action in notifying the affected individuals and the authorities if a breach occurs.
As an outsourcing company, you are liable too. Apart from implementing your own security measures, you have to ensure that your clients or customers also have appropriate security measures in place.
4. Verify and review all your documentation:
GDPR makes it mandatory for companies to obtain consent from individuals before acquiring and processing their data. Implied consent or pre-checked boxes will not be accepted. Also, ensure that all your privacy statements and disclosures have been reviewed thoroughly, and adjust your documentation wherever required.
5. Build a process to handle personal data:
GDPR defines a number of data subject rights. Companies and organizations have to establish and implement a procedure for handling personal data. To help you build such a procedure for your organization, here are the key points it should cover:
- Seeking consent from individuals in a lawful manner
- Handling an individual’s request for the deletion of his/her personal data
- Ensuring that data deletion is carried out across all platforms and levels
- A process for transferring data at the individual’s request
- Verifying the identity of the person requesting the transfer or deletion of data
- Preparing a communication plan in case of a data breach
We all know the significance of data security in this new era of digitalization. Though GDPR seems challenging for many companies, it will also create opportunities. Companies that show they care about individuals’ privacy, that are transparent in their use of personal data, and that constantly seek and implement new ways of managing customer data will have the opportunity to build deeper trust and retain loyal customers.
As the May 2018 deadline draws closer, it is high time for companies to dedicate time to becoming compliant with GDPR.
Multidots offers to create a robust plan of action for you to become GDPR compliant, so that when GDPR rolls out in May 2018, you can be calm and relaxed. For further information and assistance about GDPR, get in touch now.
How will GDPR influence your business?
And what steps are you taking to become GDPR compliant by May 2018?
Let us know in the comments below.