But what does this mean to you? How does it impact your customers, and what can you do to accelerate compliance? This article is designed to make the EU GDPR more digestible and to offer you a practical next step. Are you ready for GDPR?
What is GDPR?
With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals. The EU wants to give EU citizens greater control over how their data is used. Existing legislation pre-dates the boom of internet agencies sharing data, and so this piece of unitary governance is playing catch-up.
It affects companies that trade in either products or services in the European Union. This applies to all companies, whether they are based inside or outside of the EU, where the company collects and stores data of any EU citizen.
The Regulations make the roles of a data ‘controller’ and a data ‘processor’ integral to an organisation’s compliance with the Regulations. A data controller states how and why personal data is processed, while the processor is the individual(s) handling/processing the data. “The definition of processing is very wide and it is difficult to think of anything an organisation might do with data that will not be processing”.
Who does it apply to?
The GDPR places specific legal obligations on both the data controller and processor. It relates to both ‘Personal’ and ‘Sensitive Personal Data’ – both defined here: Information Commissioner’s Office. Organisations in the UK have been compliant for several decades under the DPA, but the GDPR adds another layer to personal information, with ‘online identifiers’ such as an IP address falling within ‘Personal Data’.
It is a controller’s responsibility to ensure their processor adheres to data protection law, and a processor must themselves abide by rules to maintain records of their processing activities.
What role can you play in accelerating your customers’ compliance with the GDPR?
The global leader in cyber security, Symantec, recently surveyed 900 business and IT decision makers across the UK, Germany and France, and the survey revealed that 96% of companies did not fully understand GDPR and a further 91% expressed concerns about their ability to become compliant. The need to ensure compliance is significantly heightened against the backdrop of a fine of up to 4% of annual global turnover, or €20m, whichever is greater, when in breach; a fine of this magnitude is capable of putting many companies completely out of business.
By partnering with intY you are already ahead of many of your competitors in the market, in that you have access to the world’s leading cloud software applications from vendors who have committed to ensuring their products and services enable your customers to become GDPR compliant.
As more and more businesses drive data consumption through mobile applications, and as the voracious appetite of companies to profit from data grows, intY and its vendor partners are committed to ensuring you have access to GDPR compliant SaaS solutions.