General Data Protection Regulation (GDPR) – What You Need to Know

Today is the day, folks! GDPR goes into effect today, May 25, 2018. What does this mean?

“A regulation in EU law on data protection and privacy for all individuals within the European Union and European Economic Area. It also addresses the export of personal data outside of EU and EEA. The GDPR aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.” (Wikipedia.org)

There are a few things this regulation does for businesses in Europe. In a global society, these things affect us all in one way or another:

  • Contains provisions and requirements for the processing of personally identifiable information of subjects in the EU
  • Business processes handling personal data must be built with data protection by default, using pseudonymization and anonymization
  • Business processes must use the highest privacy settings by default
  • No personal data may be processed unless done lawfully under the regulation
  • Data owners have the right and full control to revoke permission to their own personal data at any time

For more information about the specifics of the law, here are a couple of helpful links:

https://ec.europa.eu/info/law/law-topic/data-protection_en

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

How Does This Affect Me?

GDPR affects companies operating in the EU and those that offer goods or services to customers in the EU. If you are a customer who does business with a company based in Europe, this regulation applies to them on your behalf. If the organization suffers a data breach, GDPR increases its liability to respond.

What Data is Included?

Names, addresses, and photos are included. IP addresses can be considered personal data, as can genetic data, biometric data, and other data that could be connected to an individual.

There is a lot more information about GDPR on the Web, so here is a helpful article with a thorough explanation of some GDPR considerations. https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/

Generally speaking, GDPR is a new regulation with new considerations for how European businesses handle the data of their citizens and businesses. It took years to develop, and all countries in the EU and EEA must comply. But realistically, the U.S. does not have GDPR on our books. So what are the repercussions for U.S. business? In many ways, this is an unknown factor. As a managed services provider, we feel it’s important to stay knowledgeable on the global IT landscape and help our customers understand how global laws and regulations might affect them in a negative way. But, at least conceptually, the EU is attempting to take steps to protect data – and that is ultimately a good, positive thing.

If you have concerns that you may eventually be affected by GDPR for your business, please contact us and we can help you understand from an IT perspective how to navigate specific example scenarios and protect your data, your company’s data, and that of your consumers. Given recent, countless stories of large data breaches, privacy concerns, and more, this is something we should all be able to get behind. Interested in your thoughts!

-EB