What GDPR Is and How to Comply with It: A Brief Guide

As you have probably heard, the EU commission signed the General Data Protection Regulation (GDPR) back in April 2016. The legislation is designed to help companies handle efficiently the data challenges of the 21st century and give strict guidelines as to how to work with massive flows of digital information. It is set to protect web users (data subjects) from malicious use and loss of their personal info and, also, to give people greater control over how their records are processed.

GDPR is to take effect on May 25, 2018.

Company runners still have time enough to modify organizational processes to comply fully with new security rules, and today we will explain how they should start.

What Exactly Is GDPR About?

First off, it outlines how companies that work with EU personal data should obtain client’s consent. It gives instructions on how they should collect/store/process personal information, and urges firms to report, in case of a hack or system failure, any data breaches.

It also puts an obligation on companies to prove accountability – every business should be able to demonstrate, vividly, that it’s compliant with the GDPR and that it grants extensive rights (concerning data) to both its customers and employees.

This piece of legislation is to be enforced upon every firm that works with the personal data of EU citizens, not just businesses that reside in the EU.

GDPR is to be enforced upon every firm that works with the personal data of EU citizens.
Click To Tweet

Second, it affords data subjects:

• A right to be informed as to the purpose of the collection of their personal data
• A right to get a copy of that information in its entirety and in a portable format
• A right to have the personal records corrected
• A right to restrict data processing
• A right to have personal information erased from a company’s database (not an absolute right; if there’s a legal ground for a company to keep your data, it might, lawfully, reject such a request)
• A right to object to automated personal data processing

Why Is GDPR Needed?
The currently active Data Protection Directive, too, has outlined a comprehensive system for securing personal information. But, adopted in 1995, it lacks regulatory policies for handling the vast data flows of the digital world.

Also, it is merely a directive. The EU state members themselves (not the EU parliament) decide how to translate the guidance and integrate it with their country laws. Therefore, the security framework a European country ends up with often varies greatly from that in a neighboring state.

The 1995 Data Protection Act does require companies in countries outside the EU, be they data controllers or processors, to provide a satisfiable level of security. However, since there’s been no enforcement, many businesses have chosen to neglect it.

What Are the New Obligations for Companies (Data Controllers and Data Processors) Under the GDPR?

Again, the rules outlined by the law apply equally to companies in the EU area, those operating in the European market, and, in general, every firm that deals with personal info of European citizens.

The law requires companies to:

• Be accountable and able to demonstrate compliance
• Adopt the “privacy by design” approach
• Appoint an EU representative (if a company itself is not residing in the EU zone)
• Conduct due diligence on third-parties; ensure the right contracts are in place to work with businesses outside the EU
• Store records of processing (which regulators might request to see at any time)
• Have a system setup that allows a company to inform an authority about a data breach within 72 hours
• Notify data subjects about data breaches (when the data lost is sensitive, and the probable damage is high)
• Ensure there are technical and organizational measures taken to protect data rights of EU citizens
• Conduct privacy risk assessments
• Appoint a Data Protection Officer (for enterprises that store and/or process vast amounts of personal data)

What Should You Do?

Risk assessment, one of the key requirements outlined by the GDPR, is no strange procedure to enterprises around the world. Financial institutions especially are used to measuring financial, reputational and regulatory impacts of each possible information security fail.

However, it’s wrong to assume a company can get a pass by sticking to its standard processes in 2018. The new data protection act requires you to figure out how much damage a data breach can cause to a client’s privacy and integrity, not your organization, and take precautionary steps accordingly to that assessment.

The first thing CEOs should do is estimate who their data subjects are and how much information their companies are actually processing. This includes customers, employees, candidates who applied for a position at a firm and those who worked there in the past.

Also, establish precisely which type of data you work with. How personal is it? Health and criminal records, people’s religion and sexuality, sensitive financial information – a breach of these records could damage data subjects greatly. Therefore, if your company is one collecting such personal info, be sure to take on protection measures, technical and organizational, that are appropriate to the level of risk.

Besides that, we advise you to catalog the third-parties. An HR or a Performance Evaluation system – you’re probably using those, add them to the list. A CRM software? How about a software vendor(s) you’re outsourcing development to – do they have access to clients’ personal records? Determine clearly where your firm’s data is stored, who has access to it, and where the copies of it are.

An estimation of organizational risks will give you clarity as to the degree of compliance your firm should be aiming to achieve. Once it’s established, we suggest involving a legal team to check the lawfulness of your data processing (if it’s in line with the GDPR). If not, update the policies and, possibly, adopt new procedures.

If necessary (if you do collect lots of personal records) appoint a Data Protection Officer to ensure that every practice you have in place is one allowed under the GDPR.

Then, minimize the risks of data corruption by deleting the information your company no longer needs. Developers in tech firms create backups of the main production base each time they apply a modification. That is what they are used to doing to stay on the safe side but, paradoxically, that is what can get them in trouble once the GDPR comes into full force.

Duplicates, excess fields in systems (CRMs, CMSs, etc.) and overall, the records you firm can do without should be deleted.

Also, start building up a procedure for fulfilling, efficiently, the requests of data subjects. Work out a way to grant the aforementioned right to your clients and employees alike.

Finally, once everything else is done, move on to data protection impact assessment DPIA for the projects your firm is currently working on. Use the official GDPR guidelines.

Conclusion
As a company runner you should ask yourself these questions:

• Do we have a legal ground to store and process the data we collect?
• Should we apply pseudoanonymaztion and encryption so that if data is lost there’s less damage?
• How many people at my organization have access to clients and employees data?

This will help you understand how your firm’s data collection and processing can be cleaned and improved.

The GDPR might seem daunting to adapt to, although, in fact, the principles it introduces largely resemble (and build upon) those in the currently active Data Protection Act. With a right amount of dedication, you can achieve the compliance without putting a whole lot of time and resources into it.

Would you like to hear more about GDPR and how to comply with it quickly? Reach out to our expert for a free consultation.

The post What GDPR is and How to Comply with It: A Brief Guide appeared first on Perfectial.

DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the conference tracks for CloudEXPO | DXWorldEXPO 2018 New York.

DXWordEXPO, colocated with Cloud Expo will be held November 11-13, 2018, in New York City.

Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.

A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

DXWordEXPO 2018 New York and Cloud Expo 2018 New York agenda presents 222 rockstar faculty members, 200 sessions and 22 keynotes and general sessions in 10 distinct conference tracks.

• Cloud-Native | Serverless
• DevOpsSummit
• FinTechEXPO - New York Blockchain Event
• CloudEXPO - Enterprise Cloud
• DXWorldEXPO - Digital Transformation (DX)
• Smart Cities | IoT | IIoT
• AI | Machine Learning | Cognitive Computing
• BigData | Analytics
• The API Enterprise | Mobility | Security
• Hot Topics | FinTech | WebRTC

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

2018 Conference Agenda and Tracks, November 11-13, New York City

CloudEXPO covers all of these tools, with the most comprehensive program and with 222 top world-class speakers throughout our industry presenting Keynotes, General Sessions, Breakout Sessions along 10 focused tracks, as well as our signature Power Panels. Our Expo Floor brings together the world's leading companies throughout the world of Cloud Computing, Digital Transformation, and all they entail.

As your enterprise creates a vision and strategy that enables you to create your own unique, long-term success, learning about all the technologies involved is essential. Companies today not only form multi-cloud and hybrid cloud architectures, but create them with built-in cognitive capabilities.

Cloud-native thinking is now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector.

CloudEXPO is the world's most important, independent event where technology buyers and vendors meet to experience and discuss the big picture of Digital Tranformation and all of the strategies, tactics, and tools they need to realize their goals.

FinTech Is Now Part of the DXWorldEXPO / CloudEXPO Program!

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Accordingly, attendees at the upcoming 22nd DXWorldEXPO | CloudEXPO November 11-13, 2018 in New York City will find fresh new content in two new tracks called:

• FinTechEXPO
• New York Blockchain Event

which will incorporate machine learning, artificial intelligence, deep learning, and blockchain in two distinct tracks.

Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expensive intermediate processes from their businesses.

FinTech brings efficiency as well as the ability to deliver new services and a much improved customer experience throughout the global financial services industry. FinTech is a natural fit with cloud computing, as new services are quickly developed, deployed, and scaled on public, private, and hybrid clouds.

More than US$20 billion in venture capital is being invested in FinTech this year. DXWorldEXPO / CloudEXPO is pleased to bring you the latest FinTech developments as an integral part of our program.

CloudEXPO is accepting submissions for this new track, so please visit www.CloudComputingExpo.com for the latest information or contact us at [email protected].

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Download Slide Deck ▸ Here

Only CloudEXPO brings together all this in a single location:

Attend CloudEXPO. Build your own custom experience. Learn about the world's latest technologies and chart your course to Digital Transformation.

22nd International CloudEXPO, taking place November 11-13, 2018, in New York City, will feature technical sessions from a rock star conference faculty and the leading industry players in the world.

Sponsorship Opportunities

Download Slide Deck: ▸ Here

Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS - software, platform, and infrastructure as a service.

With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.

Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers.

Download Slide Deck: ▸ Here

Companies are each developing their unique mix of cloud technologies and services, forming multi-cloud and hybrid cloud architectures and deployments across all major industries. Cloud-driven thinking has become the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, and the public sector.

CloudEXPO is the single show where technology buyers and vendors can meet to experience and discus cloud computing and all that it entails. Sponsors of CloudEXPO will benefit from unmatched branding, profile building and lead generation opportunities through:

• Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers.
• Showcase exhibition during our new extended dedicated expo hours
• Breakout Session Priority scheduling for Sponsors that have been guaranteed a 35-minute technical session
• Online advertising on 4,5 million article pages in SYS-CON's i-Technology Publications
• Capitalize on our Comprehensive Marketing efforts leading up to the show with print mailings, e-newsletters and extensive online media coverage.
• Unprecedented PR Coverage: Unmatched editorial coverage on Cloud Computing Journal.
  
• Tweetup to over 100,000 plus Twitter followers
• Press releases sent on major wire services to over 500 industry analysts.

For more information on sponsorship, exhibit, and keynote opportunities, contact [email protected].

Speaking Opportunities

Download Slide Deck: ▸ Here

The upcoming 22nd International DXWorldEXPO | CloudEXPO, November 11-13, 2018 in New York City, NY announces that its Call For Papers for speaking opportunities is open.

Submit your speaking proposal ▸ Here or by email [email protected].

About DXWorldEXPO LLC

Download Slide Deck: ▸ Here

DXWorldEXPO LLC is a Lighthouse Point, Florida-based trade show company and the creator of DXWorldEXPO - Digital Transformation Conference & Expo. The company produces and presents CloudEXPO, DevOpsSummit, FinTechEXPO - Blockchain Event, the world's most influential conferences and trade shows.