The General Data Protection Regulation (GDPR) came into force across the European Union on May 25. The most comprehensive change to data protection law in two decades, the GDPR comprises 11 chapters and 91 articles intended to protect the rights of individuals and their personal data.
How do you know whether your company is GDPR compliant?
First, check whether your company meets the following criteria:
- Your organization must abide by the rules laid down by the GDPR if it collects or processes information about citizens of the European Union.
- Your business does not need to be located in the EU. You can be based anywhere in the world, but as long as you collect data from European residents, you must follow the guidelines.
- You need to obtain permission before storing and using a person's personal data, and you must tell them what you intend to do with the information you gather.
- Collect the correct kind of active consent from EU users.
- The moment you detect a security breach, you must notify the supervisory authority within 72 hours. Implement the right protocols for this purpose, and never put people's rights and freedoms at risk.
- Maintain electronic copies of personal records and provide access to the people who request them. Be sure to state which personal data you are processing, where the data is stored, and why you need it.
- Your data controller is responsible for removing an individual's personal data from the company database on request. At the same time, the controller must refrain from sharing that information with third parties, who in turn must halt processing immediately.
- Allow people to transfer data from one controller to the other. For that reason, always hand over the personal data of an individual in a commonly used and machine-readable
- Implement data security in every process and product from the beginning.
- Make sure your data controllers and data processors appoint a data protection officer (DPO) where one is required. Not every organization needs a DPO: one is mandatory for public authorities and for organizations that monitor or process data on a large scale.
A new report by accounting firm RSM found that almost one in three European businesses are not compliant with the General Data Protection Regulation.
RSM conducted the survey with the European Business Awards and spoke to over 300 companies. The survey noted that medium-sized businesses are "struggling to understand and implement" the GDPR.
Not GDPR compliant? Risks are rising
With business processes and technology evolving constantly, the risks of failing to stay GDPR compliant are increasing as well. Privacy by design and a cyber-aware culture are the only two options available to an organization that wants a strong position while upholding the GDPR principles. It may sound alarming, but GDPR compliance is a process: one that you should factor into every aspect of the business and adopt as the norm.