The GDPR is a new comprehensive data protection law, effective from 25th May 2018, that reinforces the protection of personal data in light of modernization, rapid technological developments and more complex cross-border data flows. It gives more power to the people whose personal details are being processed. It updates data protection law where required with a single set of rules, directly enforceable in each EU member state.
The EU has considerably extended the definition of personal data under the GDPR. To reflect the types of data companies now gather about people, online identifiers such as cookies and IP addresses, and sensitive data such as a person’s caste, health records, and criminal records, now qualify as personal data.
Besides consolidating and regulating user data privacy across the EU nations, GDPR places additional responsibilities and liabilities on data controllers and processors. GDPR emphasizes the lawful processing of data, transparency to data subjects about the processing activities performed on their data, keeping data accurate, restrictions on marketing activities and on processing that involves automated profiling of personal data, and disclosing personal data to another party only after confirming proper technical and organizational measures.
Data: Govern and ensure the quality of data, and assess what data is in use and for what purpose. This is vital for offering the transparency and trust that GDPR demands.
Governance: Transform GDPR into actions, norms, and values. Consider all the effective measures that need to be taken to keep your data protected.
Security: Protection of fundamental privacy rights including proper use of data, consent, choice, access, and modification.
Note: Employees need to understand the risks and impact of improper data use. Identify the impact of GDPR on processes and what changes may be required.