What is the General Data Protection Regulation (GDPR)? What You Need to Know
GDPR AND ITS 12 STEPS TO IMPLEMENT
What is the General Data Protection Regulation (GDPR)? What you need to know. In April 2016, the European Parliament approved the General Data Protection Regulation (GDPR) as the primary law requiring companies and businesses operating in the EU to protect the personal data of EU citizens. GDPR replaces the outdated Data Protection Directive and comes into force in May 2018. Its primary aims are to harmonize and strengthen data privacy laws across Europe and to give EU citizens control over their personal data in transactions that occur within EU member states. GDPR acts as a single standard that companies within the EU must meet. GDPR applies to the “controllers and processors” of personal data, which can be any organization, individual, or profit-seeking company. All organizations must be aware of the GDPR requirements in order to achieve compliance when the regulation takes effect; companies that are not in compliance with the GDPR requirements face steep penalties for non-compliance. GDPR protects various categories of personal data, such as basic identity information; web data (IP address, cookie data, etc.); health and genetic information; biometric data; racial data; political views; and sexual orientation.
GDPR’s concepts and principles are much the same as those of the DPA (Data Protection Act), so if a company is already complying with the DPA (the current law), most of its approach to compliance will remain valid under the GDPR.
HOW TO PREPARE FOR THE GENERAL DATA PROTECTION REGULATION (GDPR)
GDPR will have a significant impact on a business or organization once it is implemented. Here are the 12 steps that the ICO has created to help prepare for GDPR.
- An organization’s key people must be aware of the change in the law, i.e. the GDPR, and must appreciate its impact.
- Document what personal data the organization holds, where it came from, and with whom it is shared across the organization. If needed, conduct an information audit.
- Before GDPR takes effect, an organization needs to review its privacy notices and make any necessary changes.
- Check that procedures cover all of the individuals’ rights that the GDPR includes.
- Plan to update your procedures so that subject access requests are handled within the required timescales and any additional information is provided.
- Identify and explain your lawful basis for processing personal data under the GDPR, and document it.
- If your business works with third parties, you may want to use third-party risk management software to help ensure you are GDPR compliant. It can also help with financial services and ABAC compliance.
- Refresh your existing consents if they do not meet the GDPR standard, and seek fresh GDPR-compliant consent.
- Consider putting systems in place to verify individuals’ ages and, if a user is a child (under 13), obtain parental or guardian consent for any data processing activity.
- Make sure the organization has the right procedures in place to detect and report certain types of personal data breach to the ICO.
- Adopt a “privacy by design” approach and carry out a Privacy Impact Assessment, as required under the term ‘data protection by design and by default’.
- Within the organization, designate someone to take responsibility for data protection, or appoint a Data Protection Officer to take responsibility for data protection compliance, and assess where this role sits within your organization’s structure and governance arrangements.
- If the organization operates internationally, determine your lead data protection supervisory authority.