Data & Intelligence, Strategy & Organization April 16, 2018
GDPR: Where are we now?
You’ve probably heard of the term “GDPR” as in the European General Data Protection Regulation quite a bit by now. But do you know what it entails? What the fundamental principles are and how this new legislation will affect your company? Not to worry. Cristian van Nispen is our ‘GDPR expert’ and will explain the current state of affairs concerning the GDPR in the video below.
In a nutshell
The GDPR will be introduced in Europe as of May 25th, 2018. From that moment onwards, all EU member states will have to have incorporated these laws into their privacy legislation. The GDPR entails a couple of changes. In short, this law will protect the rights of individuals whose personal data is being processed. Those rights will be strengthened and expanded. For example, an individual has to be informed, in language they can understand, about what information is being collected, for what purpose, and how long this information will be saved. An individual must also get the option to change or delete his or her data. Another example of this new legislation is the law of data transferability. This law requires that you be given the option to safely transfer your saved personal data from one party to another, for example when you’re terminating a contract with one party and entering into a contract somewhere else.
But what the GDPR mainly requires is a higher level of responsibility from the organizations that process data. This goes for both data owners (organizations that decide on the goal and the means of personal data processing) and processors (organizations that process data in service of data owners). Both parties will be obliged to show their liability and control processes. They have to do this by taking thorough organizational and technical measures that ensure that data is being processed safely. One example is giving individuals an easy way to unsubscribe from e-mailings used for marketing purposes. Others are drawing up a protocol for reporting data leaks on time and maintaining high security standards for the IT systems in which personal data is stored. If this new legislation is not followed, the Dutch Authority Privacy may impose substantial fines.
It has become clear that the GDPR doesn’t include any explicit guidelines on cookie consent, but rather falls back on the national laws that are in place, such as the updated General Regulation Data Protection in the Netherlands, which states the current rules on cookie consent.
Every company should be past the awareness phase by now. At this moment in time, you should be actively mapping:
- Which data you’re processing
- Where you’re saving it
- How it’s protected
Get your cookie consent in order and make sure your documentation, such as processing agreements and a data leak protocol, is in order as well.
It’s a good time to identify which data you’re collecting and how you’re putting it to use. There might actually be some hidden opportunities you weren’t aware of yet!