General Data Protection Regulation (GDPR): What You Need to Know

Companies that collect data over the internet from web users in EU countries must comply with new, specific rules on protecting customer data. The General Data Protection Regulation establishes a new set of consumer rights over their data.

Putting the necessary systems in place and maintaining compliance will be a challenge for companies.

This raises concerns and expectations for security teams. For example, the GDPR takes a broad view of what counts as personal identification information.

Companies will have to protect data such as an individual’s IP address or cookie data to the same level, and with the same protocols, as names, addresses, and Social Security numbers.

The GDPR does not come down to anything concretely specific; much of it is still left to interpretation.

For example, companies must provide a “reasonable” degree of protection for personal data, but the regulation does not define what “reasonable” means. This gives the GDPR governing body a loophole when assessing fines for data breaches and non-compliance.

What is the GDPR?

The European Parliament adopted the GDPR in April 2016. It sets out rules and provisions that require businesses to protect the privacy of internet users in the EU. The GDPR also regulates the export of personal data outside the EU.

These provisions are consistent across all 28 EU states, so companies have just one standard to meet within the EU. However, that standard is high and costly, and meeting and administering it will require a significant investment from most companies.

Why does the GDPR exist?

Public concern over privacy. Europe has generally been known for stringent rules, especially around how companies collect and use the personal data of its citizens. The GDPR replaces the EU’s Data Protection Directive, which dates from around 1995.

That was before the internet grew into something far larger than anyone expected. Governments came to recognize that the directive was outdated and did not account for where, how, and by whom data is stored and handled, let alone how it is collected and transferred today.

How real is the public concern over privacy?

It is significant, given the pace of technological growth. Data breaches and hacks have become surprisingly common.

The many instances in which businesses failed to provide the right amount of protection, with valuable data leaked, left unsupervised, or left unprotected after breaches and other incidents, have eroded consumers’ trust in companies and in how those companies treat their personal information.

According to the findings, 41% of respondents admit to falsifying data when signing up for services online. Security concerns, avoiding unwanted marketing, and the risk of their data being resold were among their top reasons.

The report also shows that consumers will not easily forgive, let alone tolerate, a company once a breach occurs or it exposes their data. 72% of US respondents say they would boycott a company that appears to disregard the protection of their data and consumer welfare.

50% of all respondents said that they would be more likely to shop at a company that could prove it takes data protection seriously.

“As businesses continue to evolve and adapt through digital transformations, digital assets, services, and data, these businesses must be accountable for protecting that data daily,” concluded the report.

What types of privacy data does the GDPR protect?

  • Basic identity: name, address, location, and ID numbers
  • Web data: IP address, cookie data, and RFID tags
  • Health data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

Which companies does the GDPR affect?

Any business that collects, stores, or keeps records on its consumers will have to comply with the GDPR, even if it has no business presence within the EU. The specific criteria for companies required to comply are:

  • A presence in an EU country.
  • No presence in the EU, but processes the personal data of European residents.
  • More than 250 employees.
  • Fewer than 250 employees but data-focused, where its processing impacts data subjects’ rights and freedoms, is not occasional, or includes certain.

Who within my company will be responsible for compliance?

The GDPR defines several roles responsible for compliance: data controllers, data processors, and data protection officers (DPOs).

Data controllers define how personal data is processed and the purposes for which it is processed. Controllers are also responsible for making sure that their contractors comply.

Data processors are the groups that process personal data records, whether in-house or any outsourcing firm that performs such activities. The GDPR holds processors liable for data breaches and non-compliance.

It is plausible that both your company and a processing partner such as a cloud provider will be liable for penalties, even when the fault lies entirely with the processing partner.

The GDPR requires the controller and the processor to designate a DPO to oversee the data security strategy and GDPR compliance.

Companies are expected to have a DPO if they process or store large amounts of data on EU citizens, process or keep special categories of personal data, regularly monitor data subjects, or are a public authority. However, some public entities, such as law enforcement, may be exempt from the DPO requirement.

According to the Propeller Insights survey, eighty-two percent of responding companies claim to have a DPO on staff already, although seventy-seven percent plan to hire a new or replacement DPO ahead of the May 25 deadline.

Notably, hiring doesn’t stop with the DPO. About fifty-five percent of the survey’s respondents said they had recruited approximately six new employees to achieve GDPR compliance.
