The enforcement deadline has come and gone, but there are many organizations around the world that are still grappling with the GDPR requirements for compliance. Consider a recent survey by Crowd Research Partners, which revealed that 60% of businesses would not make the May 2018 compliance deadline. The reasons? Lack of budget and staff with the knowledge necessary to make the changes required to meet GDPR mandates. This is going to cause most organizations increased angst over the year ahead, as they rush to change the way they collect, handle, and store personal data.
What is GDPR?
The European Union’s General Data Protection Regulation (GDPR) is a sweeping change to consumer data protection and privacy. The essence of GDPR isn’t complicated: to help enhance EU citizens’ ability to control what data companies may hold about them.
The goal of GDPR is to standardize data protection requirements for all 28-member states of the European Union. The rules apply to any organization that controls, processes or holds personal data on EU natural persons. The EU defines personal data as “any information related to an identified or identifiable natural person.” This could include names, IDs, email addresses, photos, hobbies, religion, and sexual orientation; even indirect identifiers are also protected, such as location data and IP addresses.
To comply with GDPR requirements, organizational and technical controls need to be put into place that will ensure that data is not compromised. This will require — among other controls — data protection impact assessments, data protection by design, and having a data protection officer in place.
A number of key data security and privacy requirements drive GDPR. To be compliant, companies must:
- Reasonably secure citizen data
- Anonymize collected citizen data to protect privacy
- Ensure the safety of data when transferring across borders
- Obtain consent to collect citizen data
Summary of GDPR Requirements
Additionally, the GDPR defines explicit rights for data subjects that companies must abide by in order to maintain their compliance:
|Data Subject Rights||What It Means|
|Right to Access||
|Right to Be Forgotten||
|Privacy by Design||
|Data Protection Officers||
The enforcement of the General Data Protection Regulation in the EU has far-reaching consequences for companies of all sizes and across all geographies. The implications for companies tasked with achieving compliance for their private cloud have a weighty responsibility. Regulators can levy fines of up to 4 percent of global revenue against an organization found to be out of compliance with key GDPR requirements.
More information can be found at at this website: www.eugdpr.org
GDPR for Private Clouds
A guide to planning and maintaining GDPR compliance for your private cloud