The European Union’s GDPR is considered to be the most comprehensive framework to protect the privacy of personal information in history. The law should be viewed as a positive for the rights of a natural person to retain ownership of their information and not have their information manipulated for commercial gain.
HOW WILL THE GDPR AFFECT US-BASED COMPANIES?
The US stands to be affected directly by the GDPR. Put simply, the new privacy model applies to any company in the world that targets the European market by offering goods or services, or that profiles European citizens, and as a result must process personal data drawn from those member states.
According to Tampa-based compliance experts Schellman, “All companies processing EU personal information will have until May 25, 2018 to comply with the reform. It is important for these companies to note that the GDPR added new protections for EU data subjects that will require revisions of their current privacy and compliance programs”.
It’s worth pausing to understand what exactly personal information is.
Article 4(1), ‘Definitions’, states:
'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
TECHNOLOGY, THE PROBLEM AND THE SOLUTION
The GDPR laws exist because of the increasing pervasiveness of technology in our daily lives. However, one thing is certain: the increasing prevalence of individuals and corporations conducting business online using cloud-based applications means that technology must be part of the solution. The big shift from a technology perspective is the concept of privacy by design, not privacy as an afterthought.
It is beyond the scope of this short blog to cover the role of technology in achieving GDPR compliance, but when considering onboarding a new technology vendor, it’s worth probing their readiness for, and adherence to, a privacy by design approach to personal data protection.
For further reading on the role of technology, I would recommend Technologies role in data compliance by PWC.
To find out more about our privacy by design approach, feel free to contact me directly: Qnnect GDPR.