GDPR Regulations Changing End of May 2018
As of May 25, 2018, organizations working with data of individuals residing in the European Union (EU) will need to be GDPR compliant. The GDPR, or the General Data Protection Regulation, is a set of rules designed to protect the privacy and personal data of EU residents.
What does this mean for you and your business? Well, organizations collecting or processing any personal data on EU residents must comply with the following if they want to avoid large financial penalties:
- Privacy by design – Organizations that collect personal data on EU residents can store and process that data only when necessary, and the data can be accessed only when needed.
- Consent – Under the GDPR, individuals must opt in to allowing organizations to collect personal data, and children must get consent from a parent or guardian.
- Pseudonymizing – Data collected on individuals must be obscured so that it can’t be tied back to a specific person without additional information.
- Right to Access – Organizations must provide an individual residing in the EU with access to the personal data gathered about them upon request.
- Breach Notification – In the event of a data breach, organizations must provide notifications to the affected people or organizations within 72 hours.
- Right to Erase – Organizations must honor an individual's requests to erase the personal data collected on them.
- Data Portability – Organizations must provide a way for individuals to transmit data collected on them from one data collector to another.
- Data Protection Officers – Some organizations that process personal data on a larger scale may be required to appoint qualified data protection officers to ensure compliance.
The GDPR is essentially a bill of rights that ensures protections of data privacy for EU residents. If you or your organization does not understand these requirements and needs to be compliant, then it’s time for a conversation with our experts.