If you use any online software in your day-to-day business tasks, you have likely started to receive messages about the General Data Protection Regulation (GDPR), the law that goes into effect on May 25, 2018. This new European Union privacy law replaces the existing European Data Protection Directive and brings EU member states under a single umbrella that can be enforced through one data protection law. The GDPR establishes clear regulations and guidelines on how businesses and online entities may securely process, use, exchange or store data.
Any personal data, including basic identity information, location information, biometric data, political data, sexual orientation or racial data, is protected under the new GDPR law. Any business found in breach of the terms that have been laid out is subject to fines of up to EUR 20 million. In the event of a breach, businesses are required to notify affected EU residents within 72 hours of acknowledging that a breach has occurred.
Who Does GDPR Affect?
Any organization that is established in the EU or sells products or services to EU citizens is bound by the new GDPR law. Even a business with no presence in an EU country must comply if it processes personal data of EU citizens or has business practices that might impact the rights or freedoms of EU citizens. In essence, even though this is an EU law, it can affect any business with an online presence or webstore that caters to an international audience.
How Can You Comply With GDPR?
Any business suspected of being out of compliance with the new privacy law is subject to a review of its data security and of how its data is processed. Additional technological measures may also have to be implemented to remain compliant in the future. However, there are several specific security actions that businesses can take now to ensure that they are compliant. Some of these security actions include:
- Security Testing – Businesses should take the steps necessary to regularly test the security of their data and evaluate their current systems, so that any breach is detected and future breaches are prevented.
- Data Encryption – If you gather information from your website visitors, it is important to encrypt and anonymize any personal data you obtain in order to protect the privacy of your visitors.
- Data Restoration – In the event of a technical error, businesses should have the ability to restore the availability and access of personal data as soon as possible and limit the amount of time it is unavailable.
- Confidentiality Provisions – Businesses should have provisions in place to protect the confidentiality, integrity, availability and resilience of the data processing systems and services they utilize or provide.
If you are subject to the GDPR updates that go into effect on May 25, 2018, browsing the official policies can seem intimidating. However, by taking the time to review your current security and data collection policies and make the needed changes, you can ensure you are in compliance before the transition begins.