GDPR is an EU regulation that requires businesses to protect the personal data, privacy and security of EU citizens for transactions that occur within EU member states. Compliance is not optional and it is not a box-ticking exercise: the regulation demands that you are able to demonstrate compliance with the data safety rules.
What is the problem?
Most people don’t even know how advanced today’s data collection initiatives and learning algorithms are. Most of us do not fully understand how much sensitive personal information is collected and stored, or how that affects our day-to-day lives. Many companies, like Facebook and Google, swap access to people's data for use of their services and, to make matters worse, collected information is often sold to the highest bidder. How real is the public concern over privacy? It is significant and it grows with every new high-profile data breach. Lost banking and financial data, identity information (e.g., passports or driving licenses) and medical records are the top concerns among consumers.
What is GDPR?
The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
How does it work?
'Controllers' and 'processors' of data need to abide by the GDPR. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. So the controller could be any organisation, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing. If you are wondering if this affects you, the most likely answer is 'yes'.
Learn more about the new data protection rules...
Can you benefit?
As consumers become better informed, they expect more transparency and responsiveness from the stewards of their data. Lack of trust in how companies treat their personal information has led some consumers to intentionally falsify data when signing up for services online. Consumers will not easily forgive a company once a breach exposing their personal data occurs. With the appropriate compliance framework in place, not only will you be able to avoid significant fines and reputational damage, you will also be able to show customers that you are trustworthy and responsible, and derive added value from the data you hold.
When does it come into force?
The current legislation was enacted before the internet and cloud technology created new ways of exploiting data, and the GDPR seeks to address that. The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the member states’ national legislation on data protection. Ambitious and wide-reaching in scope, the new law brings a much-needed 21st-century approach to data protection.
How can we help you?
We are an experienced team that can help you: