The General Data Protection Regulation (GDPR) is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens and residents back control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
According to research firm Gartner, Inc., this regulation will have a global impact when it goes into effect on May 25, 2018. Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.
To avoid being part of the 50 percent that may not be in compliance one year from now, organizations should start planning today. Gartner recommends organizations focus on five high-priority changes to help organizations to get up to speed:
-
- Determine Your Role Under the GDPR
Any organization that decides on why and how personal data is processed is essentially a “data controller.” The GDPR applies therefore to not only businesses in the European Union, but also to all organizations outside the EU processing personal data for the offering of goods and services to the EU, or monitoring the behavior of data subjects within the EU. - Appoint a Data Protection Officer
Many organizations are required to appoint a data protection officer (DPO). This is especially important when the organization is a public body, is processing operations requiring regular and systematic monitoring, or has large-scale processing activities. - Demonstrate Accountability in All Processing Activities
Very few organizations have identified every single process where personal data is involved. Going forward, purpose limitation, data quality and data relevance should be decided on when starting a new processing activity as this will help to maintain compliance in future personal data processing activities. Organizations must demonstrate an accountable ground posture and transparency in all decisions regarding personal data processing activities. It is important to note that accountability under the GDPR requires proper data subject consent acquisition and registration. Prechecked boxes and implied consent will be largely in the past. - Check Cross-Border Data Flows
As of today, data transfers to any of the 28 EU member states, as well as 11 other countries, are still allowed, although the consequences of Brexit are still unknown. Outside of the EU, organizations processing personal data on EU residents should select the appropriate mechanism to ensure compliance with the GDPR. - Prepare for Data Subjects Exercising Their Rights Data subjects have extended rights under the GDPR, including the right to be forgotten, to data portability and to be informed (e.g., in case of a data breach).
- Determine Your Role Under the GDPR
Having poor quality data has several impacts on an organization and could hinder your efforts to being in compliance. Visit Service Objects’ website to see how our global data quality solutions can help you ensure your contact data is as genuine, accurate and up-to-date as possible.
