What Is GDPR
The General Data Protection Regulation is a regulation in European Union law on data protection and privacy for all individuals within the European Union and European Economic Area. It also addresses the export of data outside the EU and EEA.
Ready or not, the General Data Protection Regulation becomes law on May 25th, 2018, and failure to comply with it could cost your company millions. If you think this only affects security and IT operations in the EU, THINK AGAIN. GDPR will have an impact on your company if you plan to scale globally, have customers in Europe, or want to compete internationally.
Think of GDPR compliance as a program, not a project. To ensure GDPR compliance, here is what you need to do:
Map Protected Data
Awareness and Training (Repeat)
Do not take chances. Security is not a game.
How long certain data can be kept may also be governed by specific business sector requirements and agreed practices. For example, consumer credit agencies can keep consumer credit data for six years.
A data breach is an incident in which protected data has been disclosed in an unauthorized fashion. Data breaches may involve personal health information, trade secrets and intellectual property.
The Data Protection Principles are:
Fairly and Lawfully processed.
Processed for limited purposes.
Adequate, relevant and not excessive.
Not kept for longer than is necessary.
Processed in line with your rights.
Not transferred to other countries without adequate protection.
The act provides a separate definition for sensitive personal data. This relates to information concerning a data subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, data concerning a person’s health, or data concerning a person’s sexual orientation or sex life. The law goes even further than that: EU residents can object to specific ways companies are using their data. The law requires companies to inform the users within 72 hours of a data breach.
This law applies not only to the European Union but also to all organizations that collect, process, manage or store data of European citizens. This will certainly include major online services and businesses that collect, process, manage or store data. Because of this, the GDPR essentially sets new global standards of data protection.
What kind of data does the GDPR protect?
The regulation applies to a broad array of personal data, including name, government ID numbers, online activity of a person and other data that lets companies track users as they browse the internet.
How will this affect me, A NON-EU RESIDENT?
All big social networking companies and online companies have offered users beyond the EU some rights over their data, but these rights are not backed up by any laws, which means you cannot file a complaint against any company for violating the GDPR if you are not an EU resident.
‘Privacy is Important’: as businesses continue their digital transformation, making greater use of digital assets, services, and big data, they must also learn to be accountable for monitoring and protecting that data on a daily basis.