Preparedness, isn’t that the other reason for a good night’s rest?
On May 25, 2018, we’ll wake up to the European Union’s General Data Protection Regulation (GDPR), which will forever change how enterprises collect, gather, store and process personal data.
And while those on this side of the Great Pond might think it’ll be business as usual, they’d be well advised to recognize that in these days of digital transformation the world has grown smaller. That is, what happens over there will have an impact over here.
We need to be mindful that even if we’re physically over here, we might not be immune to the upcoming changes in the EU. The global market isn’t limited to consumers; it also includes those who might be our business partners, employees or independent contractors, and from whom we’ve collected personal data.
Hybrid cloud technology and file-sharing software have allowed small businesses to transform in such a big way that even the less tech-savvy have collected and stored personal data. It’s imperative that we’re aware of the responsibility and that we’re in line with the new regulations.
Right now might be a good time to check that our vendors are also compliant and that we’re familiar with the handling of personal data, because, as quiet as it’s kept, those policies might be legislated here too, and hefty penalties might roll downhill.
So, maybe it’s okay that only a few are concerned with the GDPR; after all, we’re thousands of miles away… but in a digital world, can we afford to ignore the ramifications?
We are also citizens who have willingly shared a tremendous amount of personal data. We’ve played games and used apps for free, not giving a second thought to the millions of finger swipes that have been used to collect data and then used as payment, in this our virtual and augmented reality.
Come May, all that will change. In addition to obtaining consent and using proper encryption to secure personal data, businesses that store personal data to fulfill the purpose for which it was collected will also have to:
- Audit on a regular, documented basis.
- Incorporate technical measures to protect personal data from unauthorized access.
- Run antivirus software that provides both email and browser protection.
- Back up personal data regularly and automatically.
- Password-protect the enterprise Wi-Fi network.
- Allow remote access only via a Virtual Private Network (VPN).
- Use privileged accounts only from dedicated devices and with limited access.
- Deploy data leakage prevention software to protect sensitive personal data.
- Develop a procedure for monitoring, detecting, analyzing and reporting security incidents, and communicate it within the enterprise.
- Prevent automated decision making and profiling.
- Protect data portability.
- Honor the right to have personal data erased, i.e., “the right to be forgotten”.
- Honor the right to have inaccuracies in personal data corrected.
- Keep a general description of technical and organizational security measures as part of the records of processing activities, and update it regularly.
- Set up procedures and processes to follow in case of a data breach.
- Apply privacy by design principles to new processes or products being employed.
Yes, it’s a great big world out there that has somehow become incredibly small. Come what may, shouldn’t we be prepared?