It is now 12 weeks until the new EU GDPR legislation becomes a globally enforceable law. GDPR is an important new EU-mandated regulation: it provides the foundation for how organizations around the globe collate and process sensitive customer information belonging to EU residents.
Some say this is the best thing since sliced bread, in that it gives back a modicum of control to some individuals whose data is being processed willy-nilly in many organizations around the globe. In a time where the erosion of privacy is a heightened concern for many, this is a step in the right direction.
Others see the GDPR regulation as yet another set of hoops that legislators are forcing them to go through, and think it will do very little if anything at all in terms of better securing an individual’s privacy.
Whatever side of the fence you sit on – and even if you are sitting right on the fence – the facts are these: it will soon be law that will impact all organizations which regularly collect or process the data of individuals covered by GDPR’s EU legislative scope – no matter where they are in the world.
MYTH: It does not affect my organization because it has no base in the European Union.
If you have a website that requests personally identifiable data, chances are you must abide by the GDPR requirements.
From travel and insurance to retail and online services, *any* organization that collates, stores or transmits volumes of sensitive personal information from EU residents must have the correct process in place by the deadline in mid-May 2018.
Let’s underline this point: It doesn’t matter if the data is collected outside the EU. It doesn’t matter if the data is processed or stored outside the EU region. If the data you collect relates to EU citizens, residents and visitors, and you do not follow the guidelines outlined by the EU GDPR regulation, your organization could be facing steep fines, not to mention legal costs and mandatory audits.
That’s right – you read that correctly: any visitor who is in Europe at the time the data is collected is also protected by GDPR.
Let’s be honest here – this is not a straightforward or simple piece of legislation. The regulation impacts data collection, processing and transmission by imposing new security requirements to secure the sensitive data at every step.
The EU resident must consent to giving you the data, as well as consenting to how the data will be used and shared. More importantly, the EU resident can request data updates, ask for all the information stored on him or her, and demand that his or her data is wiped from the database.
Here is a high-level checklist of requirements to act as an aide-memoire: