05 Jun Do I need to comply with GDPR?
GDPR is an expansive regulation that will be applied internationally (not just the EU). It is not exclusively dependent on where you do business or who you do business with but the activities that you do. This regulation applies to:
(1) A company or entity that processes personal data as part of its activities at one of his branches in the EU.
(2) A company established outside the EU which offers good or service (paid or free) or is monitoring the behavior of individuals in the EU.
(3) All companies processing and holding personal data of residents of the EU, regardless of the company’s location.
What is Personal Data?
The processing of personal data is now any information that relates to an identifiable living person. Obvious examples would be:
A name and surname
Date of birth
So if your site has enquiry forms and/or email sign-ups for instance, these elements will now need to compliant with the new regulation.
But it also includes (this list is not exhaustive):
Health and genetic data
So if you can track someone via their IP address, you now need to disclose this and the visitor will need to have an affirmative acceptance.
When processing and securing this data, someone’s name and address needs to be as transparently disclosed and treated with the same care and diligence as a cookie or IP address.
No Data is grandfathered in:
Any data that you have collected from pre-GDPR expansion needs to now meet the new criteria. IE, if you have mailing lists that do not meet GDPR protocol, to use them would now be in breach of the regulation.
The Zeitgeist of GDPR is transparency and fairness, business need to now disclose clearly what they do, and how it will impact the visitor. It is the obligation of the organization to:
Map and classify all personal data.
Perform risk assessments
Hire dedicate data protection officers
Document every activity around data
Document everything you need to ensure legal compliance.
If you would like us to assess your business for GDPR, contact Aware today. We have an article on business impacts here.
- Meet Gozi: The Number 1 Financial Malware - October 19, 2018
- Meet the Gazorp Malware Builder - October 18, 2018
- What is Artificial Intelligence: Machine & Deep Learning - September 7, 2018
- The Three Tiers of AI: Automating tomorrow with AGI, ASI & ANI - September 5, 2018
- Aware TechBytes Number #4 - August 21, 2018
- VMware Workshop Power of Digital Transformation - June 13, 2018
- HTTPS: Naming and Shaming Unsecured Sites - June 12, 2018
- The 7 Pillars of GDPR Compliance - June 8, 2018
- ทำไม GDPR จึงสำคัญสำหรับธุรกิจ? – ผู้เชี่ยวชาญด้านความปลอดภัยและไอทีควรทราบอะไรบ้าง - June 5, 2018
- Do I need to comply with GDPR? - June 5, 2018