
GDPR (General Data Protection Regulation) might seem like a complicated challenge that surely confuses many executives and company owners. Even though at first glance the GDPR may not feel like an agile digital-age solution, it is nevertheless a necessary reform. The goal of the reform is to provide the European Union with an up-to-date, strong, unified, and comprehensive data protection framework.

Once enforced, GDPR will be an extremely strict data protection law. Its general purpose is to secure consumer information and to ensure data protection rights. At the same time, it forces organizations to reflect on what data is being collected and how this data is used. Infringement of the regulations can lead to fines of various amounts, and at worst, they can be up to four percent of annual revenue. Ouch!

GDPR will affect all organizations that process personal data in the EU. Personal data processing, as defined in the regulation, covers practically all types of data use, such as data collection, recording, retrieval, alteration and destruction. The data protection regulation applies to both “Controllers” and “Processors”. It sets a purpose and a method for how the data is handled. This requires that data protection principles are applied to software, system, user interface, and web page design processes from the beginning. The Controller or the Processor is responsible for implementing and developing technical and procedural actions to ensure data safety and GDPR compliance.

What can you do now to ensure GDPR compliance?

Document your answers to at least these questions:

  • What personal data do you store?
  • On what basis do you collect the data?
  • Where is the data being sent from?
  • How is the data processed and by whom?
  • Where is the data saved?
  • How and what do you tell people about how the data is processed?
  • How do you collect the data?

GDPR Summary Document

Create a document from this checklist that you and your employees can refer to, so that everyone knows what is included in the data protection regulations. After having done this, you can use the document as evidence to show that your organization is GDPR compliant, if asked. Also make sure that third parties associated with your company have appropriate GDPR policies and strategy in place.

For suppliers, contractors and other business partners, create or update existing contracts. Confirm that these contracts are in line with the requirements of the data protection regulation. Furthermore, check that your website and other means of collecting customer and market insights are in line with the regulation.

Best of luck for the dawn of the GDPR, and don’t hesitate to get in touch in case you need help!

Contact Information:
Piia Hoffsten
Chief Operating Officer
piia.hoffsten@isletgroup.fi
+358 40 5877 303

#GDPR #datasecurity #dataprotection #cybersecurity #IsletGroup
