Is GDPR a friend or an enemy?

General data protection regulation

GDPR (General Data Protection Regulation) is a general regulation on the collection, consolidation, storage and use of personal data. The regulation has already come into force both for EU countries and for companies headquartered outside its borders that process EU citizens' personal data.

The GDPR reform affects customers and calls on companies to implement it carefully and responsibly. Six basic principles lay the foundation for this regulation:

  1. Legitimacy and transparency. Any information concerning the aims, methods and volumes of private data processing should be presented in simple and understandable terms.
  2. Privacy. The company is responsible for the security and integrity of personal data. It is also obligated to protect personal information from unauthorized or unlawful processing, damage or destruction.
  3. Data minimization. It is not allowed to gather more private information than the declared set of purposes requires.
  4. The restricted number of objectives. The amount of personal data collected should be limited to the purposes declared by the company.
  5. Accuracy. Incorrect personal data should be deleted or corrected at the user's request.
  6. Limited storage period. The data should be stored no longer than the declared purpose requires.

What does it mean for users?

The rights of individuals who provide organizations with their personal data have been extended significantly.

According to the GDPR, personal data is any information that refers to an individual and can identify them (name, IP address, postal address, email, etc.).

Customers now have the right to receive a transparent answer and understandable information on how the company uses their personal data (including whether it is transferred to third parties or not) and on how and where it is stored. In addition, the regulation gives users the right to prohibit any processing of their personal information or to have it deleted altogether.

What does it mean for the enterprise?

The regulation is an especially important legislative document for SaaS companies because it demands a significant improvement in data protection.

Implementing the regulation is a large burden for some companies, as they have not yet developed the methodology or gained the experience needed to introduce its rules and standards. Some firms will be forced to hire a team of lawyers to cope with the regulation, while hoping that GDPR inspections will overlook or bypass them. A violation is punished with a fine of up to 20 million dollars or 4% of annual income.

On the other hand, there are positive sides too. Implementing the regulation strengthens customers' loyalty and trust, allowing companies to take advantage of the consolidated European digital market.

GDPR compliance is neither magic nor a myth; it is a real necessity that can be achieved smoothly. Just follow this to-do list:

  1. Knowledge is power. Study the key requirements and restrictions of the regulation carefully, and introduce them to your team.
  2. Update your privacy policies and make them transparent and clear for your customers. It is a good idea to state which data you gather and why (you can also point out where and how you store it).
    (Illustration: a customer who deletes all social network profiles, blocks all emails, sails to an uninhabited island to live in the jungle, and receives policy update notifications in a bottle.)
  3. Allow customers to view, manage or delete their personal data themselves.
  4. Establish a procedure that helps your team deal quickly with customers' requests concerning their personal information.
  5. Check your data repositories. Delete all unnecessary personal data you hold on customers (for example, when you no longer work with them).
  6. Obtain clear confirmation that the customer agrees to the processing of their personal data. It is a good idea to document when and how you received it.
  7. Plan how to inform customers and EU agencies in case of a violation or other emergency.
  8. If possible, consult experienced lawyers familiar with the GDPR to deal with gaps in advance.
  9. Do not neglect any legislative document, as the price of a violation may be too high.

So if you hesitate over whether it is worth taking every item of the GDPR into account, be sure that it is necessary: on the one hand, you will always be aware of the security of the personal information you hold, and on the other hand, your clients' trust will be obtained without any issues.
