First things first. What does GDPR stand for?
General Data Protection Regulation
What is GDPR? The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
If you’ve been surfing the web and have been wondering why you are being bombarded by privacy pop-up windows, you can blame GDPR.
What are the penalties for offenders? Penalties for violating the GDPR can be harsh: as much as €20 (almost US$23 million, as of this writing) or 4 percent of your organization's annual global revenue, whichever is greater.
At the end of 2017 Jodi Daniels a data privacy expert explained the fundamentals of GDPR and what IT must do to comply. Here’s the action plan she recommended from that talk.
10 Ways to Take Action Today:
- Assign a dedicated individual (or team) to focus on GDPR
- Start listing all the systems that house data
- Determine if you are a data controller or a data processor
- Understand the transfer of data between you and a third party
- Document the personal data that is collected in each system
- Determine if automated data can be deleted (right to be forgotten)
- Determine if automated data can be ported (data portability)
- Consent (Can you document and provide evidence that a user opted into marketing programs?)
- Review security controls and determine what gaps exist
- Review the data breach plan (You need to be able to report breaches in 72 hours)
Do you need to worry about GDPR?
“Every organization—regardless of its location—doing business with EU customers will need to make changes to its oversight, technology, processes, and people to comply with the new rules.”
Whether we like it or not GDPR is here to stay and as businesses, we need to be prepared.