The General Data Protection Regulation (or GDPR for short) is just around the corner. From 25 May 2018 onwards, all companies doing business within Europe will be bound by this new set of regulations.
So, what is the objective of GDPR? Simply put, GDPR will allow citizens to have more control over their personal data collected by organisations, such as their name, address, and credit card data.
In essence, the new regulation dictates that whoever is collecting and storing such data must do so in a legal manner and under strict conditions. If it is not protected sufficiently, that organisation could face a hefty fine.
Organisations in the UK are wondering whether Brexit is going to influence this, and the short answer is no. According to the UK government, GDPR will work for the benefit of the country, which is the reason why it needs to be enforced.
Specifically, to be GDPR compliant, organisations are encouraged to use techniques like pseudonymisation, so they can still collect and analyse customer data while ensuring the privacy of their customers is protected.
When GDPR comes into full effect, individuals will have the right to know when their data is hacked. Should it come to this, organisations will also be required to notify the appropriate national bodies in a timely manner. One of the most noteworthy changes is that if you, as an individual, no longer wish to have your data stored, you may request it be deleted if there are no grounds for storing it.
Is your organisation ready for these changes?