One of the biggest changes in regulation of data protection and privacy will take effect very soon – the General Data Protection Regulation (GDPR).
What is GDPR?
The GDPR (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
On 25th May 2018, the legislation – designed to protect EU citizens’ data – will become law. Its intent is to ensure that organisations are including privacy in their security strategies and make them more accountable to their customers.
What are the new measures?
Right to be forgotten: Consumers will be able to ask businesses and organisations for access to their personal data and for it to be wiped, giving them more control over how their information is removed.
Personal data: The definition of personal data will be expanded to include IP addresses, internet cookies and DNA.
Privacy: The new legislation will make consent explicit. People will have to opt in to being put on cold-calling lists. They should be aware that their information is being passed on to marketing companies.
Automated processing: When individuals are “profiled” by an algorithm based on their personal data, such as an evaluation of their health, wealth or movements, they can demand that this evaluation be performed by a person rather than a machine.
Data portability: Consumers will be able to move data between companies should they wish to.
New powers and criminal offences: The new fines for breaching the rules will be up to £17m, or 4 per cent of a company’s global turnover. There will also be two new criminal offences, which could carry unlimited fines: re-identifying people from anonymised data, and altering data.
So how can businesses ensure they are compliant, and what steps do they need to take? Here is a practical six-step process.
1. Familiarise yourself with the GDPR legislation
Understand the legislation in place, as well as the implications of not meeting the required standards, by doing a compliance audit against the GDPR legal framework.
2. Keep a GDPR diary
Once you understand how you can meet the regulatory requirements, you need to keep a record of the process. This should be done through the keeping of a Data Register – essentially a GDPR diary.
3. Organise your data
Businesses must first find any Personally Identifiable Information (PII) – information that can directly or indirectly identify somebody – belonging to EU citizens. It is important to identify where it is stored, who has access to it, who it is being shared with, and so on.
4. Set Priorities
The first priority should be to protect the user’s privacy. When looking at the most private data or applications, businesses should always ask whether they really need that information and why. Personal data is an attractive target for attackers and carries the highest risk of being breached.
5. Mitigate risks and processes
Aside from the most sensitive data, the next stage is to assess and document other risks, with the goal of finding out where the business might be vulnerable during other processes.
6. Revise the process many times
The last step is all about reviewing the outcome of the previous steps and editing, amending and updating where needed. Once this step is completed, businesses can set their next priorities and repeat the process from step four.
When you are working with Synel UK you can be sure that all Synel UK products are GDPR compliant. With Synel Software Solutions you can be confident that you meet all the latest GDPR requirements.
For more information please email us at email@example.com or download our GDPR Fact Sheet.