All about GDPR
GDPR, the General Data Protection Regulation, is an EU regulation that has applied since 25 May 2018. Data privacy has become a major concern as websites keep getting hacked, and the regulation now requires organizations to protect personal data (any information that can identify a person) with technical and organisational measures appropriate to the risk, explicitly naming pseudonymisation and encryption among them, so that a hack or a phishing attack does not automatically turn into a personal data breach.
This matters at a time when major social networks such as Facebook and LinkedIn have admitted flaws in how they handled user data and have suffered data leaks. GDPR is intended to protect the personal data of people in the EU wherever it is accessed and stored, including by organizations based outside the EU.
What is GDPR?
GDPR is a regulation that replaces the EU's Data Protection Directive of 1995 (the law behind national statutes such as the UK's Data Protection Act 1998). It not only makes data protection rules stricter but, by applying one set of rules across the whole EU, is also meant to make them easier for companies to comply with; the European Commission estimated that this would save businesses about €2.3 billion a year.
GDPR requires every business that collects personal data from its customers or users to protect it with security measures appropriate to the risk (Article 32). The regulation does not prescribe a particular technology, but it names pseudonymisation and encryption of personal data as examples of such measures, so in practice personal data should be encrypted at rest and in transit, and direct identifiers should be replaced with pseudonyms wherever the processing allows. Note that blockchain is not an encryption method: a public, append-only ledger is a poor place for personal data, because records written to it cannot be removed when a person exercises the right to erasure. The aim is to make sure that a stolen database does not hand an attacker people's identities.
GDPR applies to all organizations that process personal data of people in the EU, whether the organization is a controller (it decides why and how the data is processed) or a processor (it processes data on a controller's behalf); it covers EU residents, not only EU citizens. The controller must tell people what data is collected, for what purpose, whether it is shared with third parties, and whether it is transferred outside the EU (Articles 13 and 14).
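As an added example (not code from the original page), the Python below shows what the Article 32 measures and the Article 5 principles look like in practice: replacing the direct identifier with a keyed pseudonym, stripping the fields the stated purpose does not need, and deleting records that have passed their retention period. The record layout, field names, the 365-day retention period and the sample people are assumptions made up for the example. A real deployment would keep the HMAC key in a separate key store and would additionally encrypt the resulting table at rest with a standard library such as `cryptography`; that part is left out to keep the example dependency-free.

```python
"""Pseudonymisation, data minimisation and storage limitation in one pass.

Added example, standard library only. Assumptions, not from the page: the record
layout, the field names, the 365-day retention period and the sample people are
made up for illustration.
"""
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Constructed sample input: the two records below are invented.
NOW = datetime(2018, 5, 25, tzinfo=timezone.utc)
SAMPLE = [
    {"email": "Alice@Example.com", "name": "Alice", "order_total": 42.0,
     "collected_at": NOW - timedelta(days=3)},
    {"email": "bob@example.com", "name": "Bob", "order_total": 7.5,
     "collected_at": NOW - timedelta(days=400)},
]
# Fields the (hypothetical) purpose "sales statistics" actually needs.
ALLOWED = frozenset({"order_total", "collected_at"})
RETENTION = timedelta(days=365)  # hypothetical retention period


def pseudonymise(identifier: str, key: bytes) -> str:
    """Replace a direct identifier (an e-mail address) with a keyed hash (HMAC-SHA256).

    Article 4(5): pseudonymised data cannot be attributed to a person without
    'additional information kept separately'. Here that information is `key`,
    which must live in a separate store (KMS/HSM) from the dataset. An unkeyed
    SHA-256 of the e-mail would not qualify: an attacker can hash a list of
    likely addresses and look the matching rows up.
    """
    if len(key) < 32:
        raise ValueError("use a key of at least 256 bits")
    normalised = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def minimise(record: dict, allowed: frozenset) -> dict:
    """Data minimisation (Article 5(1)(c)): keep only the fields the purpose needs."""
    return {k: v for k, v in record.items() if k in allowed}


def is_expired(collected_at: datetime, retention: timedelta, now: datetime) -> bool:
    """Storage limitation (Article 5(1)(e)): data kept past its retention period must go."""
    return now - collected_at >= retention


def process(records, key: bytes, allowed=ALLOWED, retention=RETENTION, now=NOW):
    """Drop expired records, strip unneeded fields, pseudonymise the rest.

    Returns (kept_rows, number_of_deleted_records). Surviving rows carry a
    'subject_id' pseudonym and never the raw e-mail address.
    """
    kept, deleted = [], 0
    for rec in records:
        if is_expired(rec["collected_at"], retention, now):
            deleted += 1  # in a real system: a logged, audited deletion
            continue
        row = minimise(rec, allowed)
        row.pop("email", None)  # the raw identifier never leaves this function
        row["subject_id"] = pseudonymise(rec["email"], key)
        kept.append(row)
    return kept, deleted


if __name__ == "__main__":
    # In production the key comes from a key store, never from the same database.
    key = secrets.token_bytes(32)
    rows, removed = process(SAMPLE, key)
    print(f"deleted {removed} expired record(s)")
    for row in rows:
        print(row)
```

Because the pseudonym is deterministic for a given key, analysts can still join and count per person without ever seeing an address; rotating or destroying the key turns the whole table into anonymous data.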
Why do you need GDPR?
Data protection is essential, especially now that every organization treats data as one of its most valuable assets. Personal data is widely misused by criminals around the world for fraud and identity theft. Many hacks go unnoticed, often through negligence, and people pay a heavy price for the resulting leaks. In March 2018, Facebook's share price dropped sharply when the Cambridge Analytica data-sharing scandal came to light.
That is only one side of the issue. Many people became sceptical about how their personal information was being used and quit Facebook after years of use. People across the world are now aware of the privacy breaches happening through websites and are more cautious about how they use the web.
Simply browsing a website is enough for cookies to track you, and under GDPR the identifiers they carry count as personal data; that is apart from the forms people fill in, handing information about themselves to websites of all kinds. While many people are oblivious to the consequences, companies profit from this information. Some sites pose as something they are not in order to attract traffic, collect such information, and sell it to third parties.
GDPR was introduced to curb this appetite for personal data. The idea, in the spirit of Privacy by Design (Article 25, data protection by design and by default), is to minimize the collection of personal data, delete personal data that is no longer necessary, restrict access to it, and secure it through its entire lifecycle. GDPR should make websites more user-centric and give users the privacy they need.
What all does GDPR cover?
GDPR deals with personal data and, under stricter rules, with special categories of personal data (often called sensitive personal data: health, biometrics, religious beliefs, political opinions and the like).
It contains 99 articles spanning 88 pages in the Official Journal, plus 173 recitals. It sets out the rights of data subjects and the obligations businesses must meet to protect user privacy.
There are also rules on data breach notification when user data is compromised by third parties, and on transparency: letting people know what information they are sharing, where it will be used, and who has been accessing it.
GDPR's principles for processing personal data (Article 5) are:
➢ Lawfulness, fairness and transparency
➢ Purpose limitation
➢ Data minimisation
➢ Accuracy
➢ Storage limitation
➢ Integrity and confidentiality (security)
➢ Accountability
As far as users (data subjects) are concerned, GDPR gives them the right to:
➢ Be informed
➢ Access their data
➢ Rectification of inaccurate data
➢ Erasure (the right to be forgotten)
➢ Restriction of processing
➢ Data portability
➢ Object to processing of personal data
➢ Not be subject to decisions based solely on automated processing, including profiling
Which companies/people need GDPR?
Every business or individual that processes the personal data of people in the EU must comply with GDPR (purely personal or household use is exempt). You may be a controller or a processor, an individual or a business; what matters is that you have access to the personal data of people in the EU.
What is required to be done?
If you are an individual or a business dealing with personal data and fall under GDPR, here is what you should be doing:
- Be aware: make sure decision makers know the rules have changed
- Be accountable: document what personal data you hold, where it came from and who you share it with
- Communicate with staff and users: update your privacy notices
- Check that your procedures cover all the individual rights listed above
- Plan how you will handle subject access requests within the one-month deadline
- Identify and document the lawful basis for each processing activity
- Review how you seek, record and manage consent
- Take special care with children's data, including age verification and parental consent where required
- Have procedures in place to detect, report and investigate personal data breaches
- Build data protection in by design and carry out Data Protection Impact Assessments where required
- Appoint a Data Protection Officer (DPO) if you are required to
- Work out which supervisory authority you fall under if you operate in more than one EU state
What are the implications of GDPR?
As far as businesses are concerned, the customer drives GDPR but the onus is on the business. Every business established in the EU that processes personal data is bound by GDPR, whatever it sells. Even if your company is based outside the EU, if it offers goods or services to people in the EU or monitors their behaviour, and so handles their personal data, you need to be GDPR compliant (Article 3).
You must appoint a Data Protection Officer (DPO) if you are a public authority, if your core activities involve large-scale, regular and systematic monitoring of individuals, or if you process special categories of data or criminal conviction data on a large scale (Article 37); other organizations may appoint one voluntarily. If your business does not comply with GDPR, the fine can reach €20 million or 4% of annual worldwide turnover, whichever is greater (a lower tier of €10 million or 2% applies to less serious infringements).
GDPR will alter the way companies deal with data. It even affects how marketing and sales are done, since these depend heavily on customer data that falls under GDPR. It will also change the customer experience, as the information used for personalization usually comes from cookies and tracking identifiers, whose use now requires a lawful basis. Newsletters and marketing e-mails cannot be sent without consent (or another lawful basis, such as the existing-customer exception in the ePrivacy rules). The business must reveal what it will do with the data, with whom it will be shared and how the information will be used.
Organizations must also report a personal data breach to the supervisory authority within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to individuals, and must inform the affected people themselves when the breach is likely to result in a high risk to them (Articles 33 and 34). GDPR cannot guarantee that your personal information is never at risk, but it makes organizations accountable for reducing that risk and for telling you when something goes wrong.