Background of GDPR
GDPR stands for General Data Protection Regulation.
In January 2012, the European Commission started making plans to reform data protection across the European Union (EU) in order to make Europe more secure for the digital age. Nearly four years later, an agreement was reached on what would be involved and how it would be enforced.
One of the key factors of the reform is the General Data Protection Regulation (GDPR). This regulation applies to companies in all member states and will impact businesses and individuals across Europe, as well as any B2C (business to consumer) business that offers goods or services within the EU.
This means that almost every major corporation in the world will need to be ready for GDPR.
What does it mean?
Essentially, GDPR is a defined set of new rules intended to give people more control over their personal data. Its goal is to streamline the regulatory environment for businesses so both people and corporations can completely benefit from the digital economy.
These reforms are designed to be more in line with the world we are living in now and to bring laws and obligations across the EU up to speed for the current internet-connected age.
This has an impact on nearly all aspects of our lives.
- Social media companies
- Banks
- Retailers
- Governments
Each of these services involves the collection, analysis and storage of our personal data (name, address, credit card number, etc.).
What does GDPR compliance look like?
Data breaches are likely to happen, and we hear of these unfortunate situations more and more often. When information is lost or stolen, it can end up in the hands of people who intend to cause harm.
In order to be compliant with GDPR, companies will have to make sure that personal data is gathered legally and under stringent conditions. Additionally, the people who collect and manage the data will be required to protect it from misuse, in order to respect the rights of the data owners. Failure to do so can result in penalties. Fines can range from 10 million euros to 4% of the company’s annual global turnover.
Who does GDPR apply to?
As mentioned above, GDPR applies to nearly every B2C corporation in the world that offers goods or services within the EU. Under the definitions laid out in Article 4 of the General Data Protection Regulation, there are two different types of data-handlers.
- Processors
- Controllers
A controller is a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”, while a processor is a “person, public authority, agency or other body which processes personal data on behalf of the controller”.
GDPR essentially places greater legal obligations on processors and controllers to keep clean records of personal data as well as document how it is processed.
How does GDPR define personal data?
Data that is considered ‘personal’ includes:
- Name
- Address
- Photos
- IP addresses
- Genetic data
- Biometric data
When does GDPR come into effect?
GDPR will come into effect across the European Union on May 25, 2018. All member nations are expected to have implemented it into their own national law by May 6, 2018.
The benefit of GDPR for businesses
Because GDPR establishes one law and a single set of rules that apply to companies doing business within the EU, it is hoped that it will make it simpler and cheaper for businesses to operate within the region. The Commission claims that it will save €2.3 billion per year across Europe.
The Commission says “By unifying Europe’s rules on data protection, lawmakers are creating a business opportunity and encouraging innovation.”
The benefit of GDPR for consumers
One of the most impactful changes of GDPR is that consumers will now have the right to know when their data has been compromised. Companies have a legal responsibility to notify the appropriate channels as soon as possible, so that those affected can take whatever measures are necessary to prevent their data from being abused.
Consumers will also have easier access to their own data. Companies will need to explain to the consumer, in an easily digestible way, how they use their personal data.
GDPR will also provide a clear ‘right to be forgotten’ process, which will allow people who no longer want their data processed to have it deleted, assuming there are no grounds for keeping it.
How do I ensure I am compliant?
We have been at the forefront of this legislation from the beginning to ensure we can provide you with the best outsourced back office support. That’s why we created RiskView.
This proprietary software shines a light on any potential threats to your customers’ personal data. It provides assessment reports that allow you to better understand your individual areas of data breach risk and empowers your company to better address the potential threat.
With RiskView, your company can:
- Locate Unprotected Personal Identifiable Data (PID)
- Improve User Accountability & Compliance With Regulations
- Identify Sources Of Critical Data Leakage
- Identify Security Threats
- Identify Intellectual Property Theft
- Get A Detailed View Of Your Company’s Data Storage
We’d love to take the time to explore opportunities to help your company ensure compliance with the upcoming GDPR legislation.