Data protection has always been important but with the new GDPR implementation, now it’s becoming urgent. First thing first, let’s start with explaining what GDPR actually, who should be GDPR compliant and why is it important to your business.
The General Data Protection Regulation (GDPR) is a policy providing new rules for collecting and processing personal data of all individuals within the European Union (EU). So, no matter where their headquarters or operations are located- this regulation applies to all companies that control and process personally identifiable information about EU citizens. With GDPR, there are strict requirements imposed on the way businesses (both large and small) collect, store and manage personal data. By personal data – a name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more are included.
If you are not that familiar with GDPR, here’s what you need to know – Differenz team has created a guideline on why and how companies can adapt to the new rules.
According to the official document by McKinsey & Company: Regulation of the Council of the European Union European Commission and European Parliament, those are the guiding principles for data protection:
Lawfulness
Data should be processed only when there is a lawful basis for such processing (for example: consent, contract, legal obligation…).
Fairness
The organization processing the data should provide data subjects with sufficient information about the processing and the meaning to exercise their rights.
Transparency
The information provided to data subjects should be in a concise and easy to understand format (for example: the purpose of consent should not be buried in a lengthy document of Privacy Policy only or Terms and Conditions.).
Purpose limitation
Personal data may be collected only for a specific, explicit and legitimate purpose and should not be further processed.
Data minimisation
The processing of personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which data is used.
Storage limitation
Data should not be held in a format that permits personal identification any longer than necessary.
Security
Data should be processed in a manner that ensures security and protection against unlawful processing, accidental loss, damage and destruction.
Accountability
The data controller is responsible for demonstrating compliance.
Having in mind all of the above-mentioned, companies can’t just be GDPR compliant – they have to show that they are compliant too, based on record-keeping and good governance processes and procedures.
Our team at Differenz System is well placed to address companies’ specific needs, whether it's through sharing our know-how on GDPR or helping your implement the best practice from the field. Reach out to learn more.