If you’ve looked at your inbox lately, companies and providers have been sending you GDPR (General Data Protection Regulation) policy updates. Nearly every news story about privacy concerns, data breaches, and cyber security mishaps now references the “GDPR.” If you visit a news site, an ecommerce platform, or a web service provider, you may see a pop-up banner explaining how cookies are used for web tracking. Between asking for consent and sending updated privacy policies, the GDPR affects every commercial body in the online space, HR organizations included. And it goes into effect today, May 25th. Here’s a brief overview of the new privacy law:
What is the GDPR?
The GDPR is a European privacy law that regulates how individuals and organizations may collect, use, and retain personal data. It’s the latest effort to give individuals stronger rights over their data and to hold organizations accountable for how they handle it. Any group that deals with people’s private data must meet new standards of accountability, security, and transparency.
Who is impacted?
Since the GDPR provides data protection for EU citizens, it applies to all organizations that offer goods and services to EU customers. This includes U.S. companies as well. If you collect personal data from EU citizens, you are liable under the GDPR’s provisions for how that data is collected, stored, processed, and destroyed. Which brings us to the next question:
What is considered personal data?
Information such as a name, ID number, location data, online identifier, or other factors specific to a person’s identity qualifies as personal data. This also includes IP addresses, cookie strings, bank details, social media posts, medical records, and mobile device IDs. If you manage a large organization, cataloguing all of this may seem overwhelming. So here’s the next step:
What do you need to keep in mind for the workforce?
After you map how your data flows and audit it, classify any areas of concern. You should have an inventory of all personal data held on your employees, along with the justification for keeping it. Inform your workforce of the new rules and their rights. Assess your current data breach reporting procedures and establish a system that lets you move forward with a transparent, secure, and compliant approach. If you don’t comply with the regulations, your company may be fined up to four percent of its annual global turnover. If there is a data breach, you’re required to notify the relevant data protection authority within 72 hours.
With the new data privacy law rolled out, you’re only getting started with data protection compliance. While it may seem a daunting task, compliance is an evolving journey. Keep up with best practices to avoid breaches that could affect your organization.