GDPR: What You Need to Know
What is GDPR?
GDPR stands for General Data Protection Regulation, which is a legal framework that regulates the way businesses process and manage personal data. The actual text of the GDPR consists of 11 chapters and 99 pages of information. Citizen rights, organizational obligations, provisions, definitions, and fines are all outlined in the GDPR.
Who does it affect?
The GDPR applies to organizations inside the EU and organizations located outside of the EU that offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. So if any European citizen’s data is touched at your company, even if it’s located in the U.S., you need to be compliant with the GDPR.
What is considered personal data?
Things like name, address, location, phone number, health records, income/banking information, and cultural preferences are all considered forms of personal data.
What steps can I take to become GDPR compliant?
There are many graphics and checklists that break down what you can do to comply with GDPR regulations. Here are a few steps you can take to start protecting your organization and your users' data:
- Create awareness. Make sure your employees understand GDPR and why you are collecting the data.
- Analyze personal data. Create and analyze a list of all sensitive data you manage, store, and process.
- Rights. Understand what access rights your data subjects have and how those should be handled and updated.
- Consent. Make sure customers consent to you processing and storing their data.
- Data breaches. Implement a procedure for handling a data breach.
- Impact assessments. Conduct impact assessments to help you minimize data protection risks.
- Data Protection Officers (DPO). Determine whether you need a DPO to manage your data.