11 Mar, 2019
What: Meant to protect the rights and freedoms of consumers, the General Data Protection Regulation (GDPR) is the primary law that regulates how companies protect EU citizens’ personal data. It came into effect on May 25th, 2018.
Who: The GDPR applies to any company that is based in the EU, does business in any EU country, participates in any targeted marketing in the EU, or collects personal data on anyone physically in the EU at the time the data is collected.
Some Key GDPR Compliance Requirements:
Even though the law was established by the EU parliament, GDPR’s scope extends well beyond the EU and into the US. 52% of US companies must comply with GDPR. Your company is subject to GDPR compliance if:
Article 3 of the GDPR states that if a company collects personal or behavioral data from someone in the EU, then the company is required to comply with GDPR. To explain the point above about targeted marketing: if a consumer in Poland finds an English-language webpage that is targeted at US and Canadian consumers, that Polish consumer is not protected by the GDPR if he decides to give his information to that site. However, if the user in Poland were to find a site written in Polish and targeting EU users, then GDPR would protect him, since that company would need to be GDPR compliant.
Industries most affected by the GDPR include hospitality, travel, software services, e-commerce, and logistics. Becoming GDPR compliant is a massive and, in many cases, expensive undertaking, but a necessary one. According to Bloomberg (written prior to GDPR implementation), the world’s largest 500 companies could spend around $7.8 billion to become GDPR compliant. If a company is found non-compliant, it will face fines, with the maximum being 20 million Euro or 22 million USD.
As seen above, a key requirement for GDPR compliance is anonymizing data. This becomes a problem in IT practices such as testing and quality assurance. A survey by Vanson Bourne of large-company CIOs showed that “83 percent [respondents] use live customer data in test systems when testing applications, because they believe the use of live data ensures reliable testing and accurately represents their production environment”. Testing with live customer data increases the exposure of personal data and the risk of a data leak. This method can still be used, but it must be revised to include anonymizing techniques to be GDPR compliant.
The key to maintaining GDPR compliance is making sure you have proper systems set up to track and identify data. You need to know where data is stored and what it is being used for.
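One way to apply the anonymization the survey finding above calls for, as an added example that is not from the original post: a constructed customer record is pseudonymized with a keyed HMAC (so joins across test tables still work), quasi-identifiers are generalized, free text is dropped, and a check confirms that no live identifier value survives in the test copy. The record layout and the key name are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample of a live customer row (not real data).
LIVE_RECORD = {
    "customer_id": "C-1029384",
    "full_name": "Anna Kowalska",
    "email": "anna.kowalska@example.org",
    "date_of_birth": "1987-04-12",
    "postcode": "00-950",
    "support_notes": "Called about invoice 4471, mentioned her surgery date.",
    "orders": 17,
    "total_spend_eur": 2450.10,
}

# Assumption: the key lives only in the export job, never in the test system.
PSEUDONYM_KEY = b"replace-with-secret-from-your-kms"

DIRECT_IDENTIFIERS = ("customer_id", "full_name", "email",
                      "date_of_birth", "postcode", "support_notes")


def pseudonym(value: str, key: bytes) -> str:
    """Keyed HMAC: the same live value maps to the same token in every table
    (joins in the test database keep working), but the token cannot be
    reversed without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def anonymize_for_test(record: dict, key: bytes) -> dict:
    token = pseudonym(record["customer_id"], key)
    return {
        "customer_id": f"T-{token}",
        "full_name": f"Test User {token[:6]}",
        "email": f"{token}@test.invalid",  # reserved TLD, never deliverable
        # Generalize quasi-identifiers: decade of birth, postcode area only.
        "birth_year_band": f"{int(record['date_of_birth'][:4]) // 10 * 10}s",
        "postcode_area": record["postcode"].split("-")[0],
        # Free text can hide anything (health data, third parties): drop it.
        "support_notes": None,
        # Non-identifying business metrics keep their real values for testing.
        "orders": record["orders"],
        "total_spend_eur": record["total_spend_eur"],
    }


def leaked_fields(live: dict, test: dict) -> list:
    """Names of live identifier fields whose value still appears in the test record."""
    blob = json.dumps(test)
    return [f for f in DIRECT_IDENTIFIERS if str(live[f]) in blob]
```

Keyed tokens are reversible by whoever holds the key, so under the GDPR this is pseudonymization rather than anonymization; keep the key out of the test environment and treat the output as still potentially personal data.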
From our mobile apps to customized software, we make sure all our solutions are GDPR compliant. Below is the checklist we use to make sure our mobile apps and websites are GDPR compliant.
The GDPR has been set up to protect the rights and freedoms of consumers, and though it was established in the EU, it affects more than EU-based companies. Make sure your website, mobile app, software – really, any interactive digital medium – is GDPR compliant.