The line between personal data and business data is blurring. Personal data is a valuable asset in the information age, and businesses must capitalise on it to maintain market advantages and remain competitive.
Many legal systems around the world cover data protection, and it can be very difficult to determine which information falls under which legal system. The new EU General Data Protection Regulation (GDPR) aims to be the single regulation governing data protection across the EU. The GDPR is a complex regulation, but here are 7 key points that everyone should know.
The GDPR is already a reality
The GDPR came into force in May 2016 and started a two-year transition period that ends on May 25th 2018, when the regulation will apply. Organisations have barely a year left in which to become compliant or risk steep fines (up to €20 million or 4% of worldwide annual turnover, whichever is higher).
Protecting the fundamental rights of people
The GDPR was developed to be the single overarching data protection regulation protecting the rights of all individuals in the EU (not only EU citizens) in an age where information holds such high value and is so readily available.
It applies to every organisation and every type of personal data
Considering the limited time organisations have to achieve compliance, awareness is still an issue. Many organisations either don't know of the GDPR or don't believe it applies to them because of Brexit. However, the UK Government has stated unequivocally that the GDPR will apply post-Brexit. The law applies to every organisation that stores or processes personal data of individuals in the EU, regardless of its size, its purpose or where it is established.
Simple Consent Rules
The consent of the data subject is imperative. Where an organisation relies on consent, it must obtain consent from the data subject for every purpose for which it wishes to use their data. Requests for consent must be formulated in clear, plain language so that the subject is fully aware of how and for which purpose the data will be used, and consent must be as easy to withdraw as it was to give.
Without specific, informed and unambiguous consent freely given by the data subject (explicit consent for special categories such as health data), an organisation may not store or process the data on the basis of consent. Consent is one of six lawful bases in the regulation: processing that is necessary for a contract, a legal obligation or the organisation's legitimate interests may rely on those bases instead, but whichever basis is used must be identified and documented before processing begins.
Accountability and transparency are the organisation's responsibility
It is the organisation's responsibility to be transparent with the data subject. This includes reporting data breaches to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of them, and informing affected data subjects without undue delay when the breach is likely to result in a high risk to them. If a data subject requests a copy of all the data the organisation holds about them, the organisation must be able to produce it, normally within one month, and account for where it came from, why it is held and who it has been shared with. The responsibility is placed on the organisation to ensure the data subject understands what is happening with their data.
Data Protection Officer must be assigned
One of the most important outcomes of the GDPR is the requirement for organisations to appoint a Data Protection Officer (DPO). The DPO is responsible for monitoring the organisation's compliance with the GDPR and acts as the contact point for data subjects and the supervisory authority. A DPO is mandatory for public authorities and for organisations whose core activities involve regular and systematic large-scale monitoring of individuals or large-scale processing of special categories of data; every other organisation is strongly advised to appoint one so that a specific individual, or team, is accountable for compliance. The DPO doesn't have to be a separate hire; the role can be added to an existing position, provided that position does not create a conflict of interest (for example, the person who decides how data is processed should not also be the one auditing that processing).
Encryption isn’t the answer
Just encrypting the data will not make your organisation compliant. Encryption increases the confidentiality of the data, and the regulation names it explicitly as an appropriate measure (a breach of properly encrypted data need not be notified to the affected individuals), but Article 32 also requires the organisation to ensure the integrity, availability and resilience of its processing systems, to be able to restore access to the data promptly after an incident, and to regularly test the effectiveness of its security measures. Encrypted data with no backup, or whose keys have been lost, fails the availability requirement just as surely as unencrypted data fails confidentiality.
To learn how to become GDPR compliant in an easy and affordable manner, see the Automated Compliance Manager, CyReg GDPR.
Contact CyNation to learn more about our GDPR services.