Monday 12 March 2018
The foundation of GDPR compliance lies in making the switch from an “opt-out” to an “opt-in” approach to data collection. Organisations will need to ask for permission before collecting data and provide details about how that data will be used, stored, and protected. Even signing up for an email newsletter will need to be accompanied by appropriate permissions and notifications. Companies must:
- State why personal data is being collected
- Describe the information being held
- Detail how long the data will be kept
- Outline the technical security measures in place
Perhaps the more complicated technical feat will be to keep tabs on data once it has been collected and is “in the system,” so to speak. When a consumer asks to retrieve their personal information, organisations will need to be able to find it, not simply assure the consumer that it has been lost. When a consumer asks for personal information to be deleted, that data will need to be permanently eliminated and cannot be allowed to return, for example through a restore-from-backup procedure.
In addition to granting consumers new rights over their personal information, the GDPR also demands that all organisations handling personal data take steps to guard that data against loss, theft, or unauthorised access.
The GDPR states that any breach likely to have resulted in unauthorised data access is to be reported to the oversight authorities within 72 hours. If the breach is likely to pose a risk to individuals’ privacy, the affected individuals must be informed as well.
Some of the GDPR’s provisions are more difficult to parse. For example, a new data portability requirement promises to allow individuals to transport information from one organisation to another. A given company or other entity must provide the personal data in a common, machine-readable format and it’s recommended they assist with the transfer.
Organisations that collect or process large quantities of data, or that handle highly sensitive data such as genetic information, may in particular want to seek outside counsel to assist with the more difficult elements of GDPR compliance.
Join @parkplacetech at #IPEXPOManchester on stand N312 to learn more about how they can support your hardware maintenance needs