The General Data Protection Regulation is designed to harmonise data privacy laws across Europe. It applies to all processing carried out by organisations within the EU and organisations outside the EU that process EU citizens personal information.
So, why has this happened?
GDPR has been set up partly in response to the changing way that companies-especially in the technology sector- use and control data. The new regulations address certain current challenges with data security, through making both data controllers and data processors responsible for protecting data and providing a level of transparency and access that data subjects previously could not enforce. Of course, it still requires some effort on behalf of the Data Subject to make informed choices, but the detail and information must be available should the Data Subject go looking for it.
Additionally, the new regulations impact technology-firm activities. All businesses will be revisiting how they hold data; and all technology companies will have to think about whether they are meeting the requirements with the products and, especially, services they are providing. This should have a significant effect on the way data-controllers approach and use both data and technology going-forth.
Don’t adopt ‘the wait and see approach’
It is essential that all companies no matter their size start thinking about GDPR from the off-set rather than waiting to see what happens to other companies. It is important for companies to think about GDPR from day one. It is far, far easier and cheaper to be compliant by designing a business with privacy in mind, than to retrofit a business later. In fact, this is exactly what the GDPR requires – the principle of Privacy by Design – considering the privacy impact of any activity at all stages of design. Companies just starting out will be far more valuable if they get this right from the start than if they think they can fix it later.
What is Privacy-By-Design?
A key component of the GDPR legislation is privacy by design as mentioned above. Privacy by design is an approach to IT projects that promotes privacy and data protection compliance from the start rather than as an after-thought or ignored altogether.
Privacy by design requires that all departments in a company look closely at their data and how they handle it. There are many things a company will have to do to be compliant with GDPR. There are 5 key tips recommended to get you started:
- Map your company’s data
- Determine what data you need to keep
- Put security in place
- Review your documentation
- Establish procedures for handling personal data
It is a good thing!
While this may all seem rather burdensome, there are significant upsides to GDPR and this should encourage firms to put it into place so that it can in fact aid their business. The biggest upside to is that it will encourage better data hygiene. Holding less data that is more accurate and used for the correct purposes will likely end up saving businesses money in the long run through lower IT infrastructure, overheads and development costs.
By Ross Woodham, General Counsel and Privacy Officer, Cogeco Peer 1
The inaugural Data Protection World Forum (DPWF) was held on November 20th & 21st 2018 at the ExCeL London and welcomed over 3,000 delegates seeking the very latest insight on data protection and privacy.
Pre-registration for DPWF 2019 will be opening in the coming weeks.