The ABCs of GDPR

The ABCs of GDPR

Acronyms and abbreviations used to be relegated to those in the military and government: MDA (Missile Defense Agency), USPS (United States Postal Service), RAF (Royal Air Force). But the proliferation of social media sites like Twitter and Snapchat has moved acronyms into the mainstream: IMHO, YOYO, JK, LOL (in my humble opinion, you’re on your own, just kidding, laugh out loud).

Acronyms can point to the past and mark how quickly things have changed; but in some cases, they can predict the changes to come. The EU GDPR (European Union General Data Protection Regulation) is one prediction you should pay attention to.

The massive proliferation and open transfer of data via the internet have produced vulnerabilities that have been exploited with increasing frequency. Governments are trying to establish protections that both safeguard the integrity and privacy of individual data and allow free data exchange, so agencies and businesses can deliver goods and services.

GDPR enforcement begins on May 25, 2018, and it is considered the gold standard regulation governing data privacy and exchange.

If your organization interfaces with EU citizenry (or with the United Kingdom) to collect and process data, you’ll need to pay attention to the changes about to happen.

Looking Toward the Future

Ultimately, the GDPR wants to harness the power of digital transactions while protecting the data rights of EU citizens. It places responsibility and accountability upon agencies that collect and process the data, and it details consequences for those who do not comply. Here are some key changes that are important to know:

  • Increased Territory: The GDPR affects any company — no matter where their location — that processes personal data of someone residing in the EU. Non-EU businesses processing data of EU citizens will have to appoint a representative in the EU to deal with the GDPR regulations.
  • Penalties: Businesses will have 72 hours to notify users in the case of a data breach. If there is a data breach, companies can be fined up to 4% of their annual global revenue, or €20 million — whichever is greater. If your business decides to do nothing, you could be fined 2% of your annual global revenue.
  • Consent: A request for consent to hold the personal data of an EU citizen must be easy for individuals to understand. Additionally, it must be as easy for them to withdraw consent as it is to give it.
  • Right to Access: Individuals can get confirmation of what personal information is being processed, where it is being stored, and why their information is being held. If EU citizens wish to know, a Controller must provide electronic copies of this data to the individual free of charge.
  • Right to be Forgotten: Individuals are entitled to have their data erased, ceased from further dissemination, and potentially have third parties halt processing of data. In the case that their data is no longer relevant to why they originally gave their information, they may also have their data erased.
  • Data Portability: The right to data portability allows individuals to obtain and reuse their data for their own purposes across different services. It allows them to move, copy, or transfer personal data easily from one IT environment to another in a safe and secure way.

While this legislation is comprehensive and will require several actions on your part, you have a year to ready your organization to succeed in this new environment.

Now that you know a little more about GDPR, it’s time to outline a plan to ensure your business is in compliance with the new regulation. FileFacets understands the importance of protecting sensitive data, and our tool can ensure that you are meeting the GDPR guidelines.

How can FileFacets Help?

The FileFacets Content Analytics tool allows you to scan multiple sources and repositories to locate and identify any Personal Identifiable Information (PII) or sensitive data that your organization may possess. The Analytics tool will constantly run so any new content with PII can be flagged and either deleted or moved to a secure and safe environment using the FileFacets Migration tool. FileFacets has the right tools to ensure you are compliant with the guidelines of GDPR.