Back in 2016, the European Parliament, the Council of the European Union and the European Commission joined forces in order to offer all individuals of the European Union enhanced data protection. This is how the General Data Protection Regulation (GDPR) appeared, urging all organizations, regardless of their size, to name a Data Protection Officer, among other obligations. The list of obligations is long and the consequences are not to be glossed over – and the 28th May 2018 deadline is approaching. Below we will elaborate on these requirements and look at the ways in which businesses will be impacted.
The GDPR’s effects do not only reach the citizens of the EU, but also those outside it, indirectly, through its requirements. And since most companies retain personal data on EU citizens, the GDPR will probably ripple beyond its initial estimates and eventually spread worldwide.
What is basically required of EU companies?
First of all, the core principle on which the GDPR is based is that all companies must store and manage personal data in such a way that the subject of said data can have it removed at any time or simply access it at will.
A second requirement of the GDPR says that this data must also be protected and secured adequately, both while it is in transit and while it is simply sitting in storage.
In order to efficiently secure data, companies will need to check a few steps and attributes off their lists, among which are:
- Personal data will need to be encrypted accordingly;
- Companies need to constantly test and evaluate the effectiveness of the measures taken to ensure data security;
- Companies need to be able to restore personal data in a timely manner, in case it was lost or damaged in any type of incident, be it technical or physical;
- The subjects of said data will need to be assured that the processing systems and services in question can constantly provide integrity, confidentiality and availability.
Technical infrastructure is key
In order to correctly abide by these new regulations and avoid the hefty fines that can be issued, companies need to also upgrade their technical infrastructure. Until now, many organizations were comfortable still keeping data in silos – a rather handy, but impractical option.
However, this needs to change at this point – since they now need to be more in control of the data they hold, having a clearer picture of it. This does not only refer to structured data such as contracts and other similar service documents, but also to emails and social media data.
What is the bottom line?
In the end, the GDPR was conceived to serve everyone in the game: both those whose personal data is processed by companies and these companies themselves. Even though it may seem that your company’s growth will be impeded by this regulation, think about how your company has probably already tried to gain the most value from the data it holds and to optimize it. To this end, you can see this change as the legal framework that enables you to apply all these changes and be part of a community which speaks the same language.