Author: Jacek Materna / Source: The Next Web

It’s been just a few weeks since the General Data Protection Regulation came into effect, and aside from some high level lawsuits from activist lawyers looking to prove a point, it’s been pretty much business as usual.
The media portrayed GDPR as the next and possibly more disruptive Y2K, like at midnight on May 25, 2018, the data breach police would be knocking down doors and shuttering businesses.
This long, drawn-out regulation could actually take a few months to uncover non-compliant companies.
GDPR is all about putting personal data back in the hands of the citizen, the individual, the consumer and so on. It’s an attempt by the EU to drive transparency for data use and governance over what ultimately belongs to the individual.
Today, monolithic organizations are taking data and turning a profit. Inherently, this isn’t a bad thing, but there’s little oversight or transparency into how the data is being used.
In addition, consumers are signing off on onerous terms and conditions written in dense legalese, not meant for the common person. Data is currency. Our data makes money for other companies via ads; it should belong to us, and we should have control over it.
You’re a company and you’ve updated your Privacy Policy, so now what?
In preparation for GDPR, many organizations have updated and redistributed their privacy policy. You may have been responsible for this in your company. But now what? What follow-up steps need to be taken to stay compliant?
Well, I’ll tell you.
Manage your data — Continuously audit and assess your data control. Compliance is all about controls that are continuously reviewed.
Make the right hire — If your business is predominantly EU-based or EU-focused, it makes sense to have this as a full-time role rather than part of someone’s job. If something goes wrong, your business could be in deep trouble. Invest in people; tools alone won’t get you there.
Don’t be a data hoarder — Review the data retention controls that let you manage how long user and event data is held on your servers. Under GDPR, user and event data must be retained according to stricter settings; when set properly, your systems will automatically delete user and event data that is older than the retention period you select.
Having retention control is a key way to avoid data hoarding, and it provides an easy way to demonstrate compliance to auditors. So make sure to:
- Understand what data you’re gathering and also classify it. Understand what personal data is and what it isn’t.
- Make sure you understand where it’s held, how it is kept and how & when to delete it.
- Back it up, anonymize it and encrypt it.
- Do whatever you must, just don’t avoid managing it.
- Be open about your processes and don’t treat it as a secret. Your influencers, customers and other stakeholders will trust you as long as you prove to be trustworthy.
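The retention control described above (a per-category maximum age, with anything older deleted automatically and a record kept for auditors) can be implemented as a small scheduled job. The script below is an added example for this article, not code from the author or from any product; the data categories, retention periods and sample records are constructed assumptions, and it flags records with no assigned retention class instead of guessing, since an unclassified record is exactly the case the list above warns about.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical retention schedule: maximum age per data category.
# The categories and periods are constructed for illustration; real values
# come from your own data inventory and legal basis, not from this example.
RETENTION = {
    "event": timedelta(days=90),     # usage / clickstream events
    "profile": timedelta(days=365),  # account profile data
}


@dataclass(frozen=True)
class Record:
    record_id: str
    category: str
    created_at: datetime  # must be timezone-aware so ages compare correctly


@dataclass
class RetentionReport:
    """Audit trail of one retention run: what was kept, deleted, or could not be classified."""
    kept: list = field(default_factory=list)
    deleted: list = field(default_factory=list)
    unclassified: list = field(default_factory=list)


def is_expired(record, now):
    """True when the record is older than its category's retention period."""
    if record.created_at.tzinfo is None:
        # A naive timestamp cannot be aged safely; refuse rather than miscompute.
        raise ValueError(f"{record.record_id}: naive timestamp")
    return now - record.created_at > RETENTION[record.category]


def apply_retention(records, now):
    """Classify every record for this run; unclassified records are flagged, never silently kept."""
    report = RetentionReport()
    for rec in records:
        if rec.category not in RETENTION:
            report.unclassified.append(rec.record_id)  # needs a policy decision
        elif is_expired(rec, now):
            report.deleted.append(rec.record_id)  # the real job would delete here
        else:
            report.kept.append(rec.record_id)
    return report


# Constructed sample data set; the fixed "now" makes the run reproducible.
NOW = datetime(2018, 7, 1, tzinfo=timezone.utc)
SAMPLE = [
    Record("ev-1", "event", NOW - timedelta(days=91)),          # past 90 days -> delete
    Record("ev-2", "event", NOW - timedelta(days=10)),          # recent -> keep
    Record("pr-1", "profile", NOW - timedelta(days=400)),       # past 365 days -> delete
    Record("pr-2", "profile", NOW - timedelta(days=30)),        # keep
    Record("x-1", "debug_dump", NOW - timedelta(days=1000)),    # no policy -> flag
]

if __name__ == "__main__":
    result = apply_retention(SAMPLE, NOW)
    print("kept:", result.kept)
    print("deleted:", result.deleted)
    print("unclassified (needs a retention class):", result.unclassified)
```

The report object is the part auditors care about: each run records which identifiers were removed and which records still lack a classification, which is the evidence that retention is a continuously reviewed control rather than a one-off cleanup.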
The deadline has passed; can we breathe easy?
GDPR is a huge shift in how businesses approach customer data. While the deadline has…
The post GDPR is here, but it doesn’t mean your business is done prepping appeared first on FeedBox.