The four horses of the GDPR apocalypse: Great resources to understand the new legislation.
The General Data Protection Regulation (GDPR) applies from 25 May 2018, and there is an abundance of information and misinformation about it on the web. I have taken a look at some of the best resources that are out there and compiled a series of presentations that I have found useful in understanding the new regulation and what companies need to do to become compliant. The scale of the change and the lack of preparedness makes me want to call this the four horses of the GDPR apocalypse.
What GDPR imposes on businesses.
The new legislation applies from May 2018 and replaces the existing Data Protection Directive (95/46/EC). The regulation is much more extensive and affects any company that handles the personal data of individuals in the EU, regardless of where the company is based or where the data is processed. Companies have a duty of care to safeguard that data from unauthorised access or disclosure, and this liability attaches to the data itself rather than to the jurisdiction in which it happens to be held.
The legislation has three core stakeholders:
- Data controller – the organisation that decides why and how personal data is processed, e.g. a telephone company holding its customers' details.
- Data processor – an organisation that holds or processes the data on the controller's behalf, e.g. the hosting provider running the telephone company's website.
- Data subject – the individual the personal data is about, e.g. the telephone company's customer.
The data subjects have specific rights:
- Right of Access
- Data portability
- Right to withdraw consent
- Right to rectification
- Right to erasure (the "right to be forgotten")
- Right not to be subject to certain decisions based solely on automated processing.
1. Planning: Kickstart your planning
The key to this is a data audit: knowing clearly what personal data you hold, where it is held and processed, and how exposed you are to a data breach.
An excellent video that goes into a lot of practical detail on how the new legislation works can be found below and is well worth watching:
It is also important to bring all your personnel up to date on the new legislation. There are some good courses being offered by ActOn which cover a range of levels and expertise and are well worth a look.
2. Marketing: Risk or Opportunity?
There is also an excellent follow-up to the video above which is more focused on the user experience and good marketing practice – “How better data protection can drive greater value for your customers”. It argues that GDPR is actually a great opportunity: the new requirements are a reason to audit your existing marketing approach and make sure best practices are implemented.
3. Security: Data protection by design and by default under the GDPR.
For a more in-depth explanation of GDPR from a technical perspective, I would recommend the following video on “Data protection by design and by default under the GDPR”. Article 25 of the regulation requires safeguards such as data minimisation, pseudonymisation and restricting access to personal data by default to be built into systems and processes from the outset rather than bolted on afterwards, and the video goes into much more technical detail with some very pragmatic and helpful suggestions. See also my other blog post on how GDPR, implemented properly, could go a long way towards preventing security breaches:
4. Legal: GDPR and Data Processors
The new legislation could be quite challenging from a legal point of view, with many companies still unclear about whether they are adequately covered. This video gives an excellent legal viewpoint on GDPR and the latest best practice. A key part of this is reviewing all the contracts you have with third parties and making sure that each party's role as data controller or data processor is clearly defined and that the responsibilities and liabilities of each are spelt out; the regulation requires processing carried out on your behalf by a processor to be governed by a written contract.
This brief introduction to the complexities of GDPR is just a starting point and is not intended to be an exhaustive list. I hope that you found it useful, and if you would like to get in touch and understand how Projectmetrics can help with your GDPR implementation, please don’t hesitate to reach us via the contact form.