Calling all online business owners! On May 25, 2018, a new European privacy regulation, the General Data Protection Regulation (GDPR), comes into force. It has become one of the hottest topics among digital businesses around the world, because the new data privacy rules will fundamentally change the way online services collect, store and use individuals’ data. Its main purpose is to better protect users’ sensitive information.
Strictly speaking, the General Data Protection Regulation covers businesses that have EU customers, but in practice it will affect companies globally, whether small, mid-sized or large. And the fines are really mind-blowing – your company may face a penalty of up to €20 million or 4% of its worldwide turnover. We are not joking! Times are changing, and you should now be working towards greater transparency in your business. So, make sure your business is GDPR compliant. Of course, a new regulation of this size can be hard to cope with: you need to understand it, implement it properly in your working processes, and be able to report on it when required.
No worries, though. To help you recognise the pitfalls your organization may run into under the new GDPR rules, and to find ways to deal with them, Artelogic has prepared an introductory guide to the GDPR.
In short, this post will cover the following GDPR compliance aspects:
So, let’s get started.
What Types Of Privacy Data Does The GDPR Protect?
The General Data Protection Regulation requires you to protect the personal data of your EU customers. But what counts as personal data? According to the GDPR, your company has to provide proper security for the following categories:
- Basic identity data: name, address and ID numbers.
- Online data about your clients: precise location, IP address, cookie data and RFID tags.
- Customers’ health and genetic information.
- Biometric data.
- Racial and ethnic data.
- Political opinions.
- Sexual orientation.
Bear in mind that the way you manage and process this data should be consistent, transparent and clear, and, moreover, recorded, because you may be asked to report on it. So, consider finding the data governance solutions your business requires.
Which Companies Does The GDPR Affect?
Naturally, the GDPR applies to every organization that gathers and processes data belonging to European Union (EU) citizens. And since the internet is global, people from all over the world can visit your website. Therefore, regardless of your location, the GDPR will affect the way you do business. Note that it is not enough to be aware of the GDPR rules; you also have to become GDPR compliant. To put it simply, you have to make sure that your customers’ personal information is used for legitimate purposes only, and only when needed. It must also be protected and stored securely. Finally, as mentioned in the opening, the way you process data should be recorded and may have to be reported on request.
What Steps Have To Be Implemented To Be GDPR Compliant? What Can They Mean In Technical Language (For Your Tech Team)?
To help you cope with everything the GDPR covers, we have divided the GDPR readiness plan your team should prepare into the following sections:
- For business owners and top managers.
- For your technical team.
Things to consider for business owners and top managers:
- Learn the basics of the GDPR requirements: find an expert data governance solutions provider who can train your whole team in becoming GDPR compliant, and make sure your staff have successfully completed the training.
- Evaluate and manage your third-party risks: reduce your supply chain risk by performing due diligence and carefully selecting your partners. Ensure that every one of your partners correctly understands and complies with the GDPR. It is crucial to know how your vendors operate, including their security framework and how they manage their users’ data.
- Hire a data protection officer or a team: your business may want a dedicated GDPR compliance department responsible for keeping your business compliant and for generating and sending reports on request. Of course, this brings additional expenses, but on the other hand it makes handling subject access requests within the GDPR’s new time frames easy and quick.
Things to ask your technical team to consider:
- Study the GDPR requirements: as mentioned earlier, your team should be trained to handle web data according to the GDPR rules.
- Audit the data your business already keeps: ask your team to carefully examine all the data your platform uses, identify the weak points with regard to the GDPR, and develop and apply the necessary changes.
- Achieve greater data security: encrypt all sensitive data, using only modern encryption technologies and techniques.
- Make sure all of your data handling is GDPR compliant: ensure that the way your customers’ personal data is stored corresponds to the GDPR rules.
- Adopt the Privacy by Design development methodology: have your team embed privacy measures and privacy-enhancing technologies (PETs) into the design of your information systems.
- Apply the GDPR rules to both web and mobile in your working process: both web and mobile data collected from your EU users must be processed and stored properly. Make sure your web and mobile developers are aware of this.
- Give your customers a way to opt out of marketing: ask your team to make it possible for customers to refuse having their data collected for marketing purposes.
- Find the best data reporting option: think about the best way to record your data management and processing.
- Prepare for data breaches: have procedures in place so that you can easily detect and investigate any data breach, and then report it.
By the way, the Artelogic team can help your business become GDPR compliant. We are here to help you protect your business interests and maintain correct GDPR compliance worldwide.