GDPR – the General Data Protection Regulation – is a pan-European data protection law that goes into effect in May 2018. Much has been said and written about it, and the scaremongers keep rubbing in the fine of ‘€20 million or 4% of the organization’s global annual turnover per incident’ in the event of non-compliance by any entity. But while this number might make you uncomfortable, it does little to help you navigate the labyrinth of what it is you really need to worry about. This blog is going to simplify and demystify GDPR.
Let’s start with the two stakeholders – YOU and ME. YOU are the provider and I am the customer.
You have a few fundamental responsibilities:
- What data are you collecting (of me)?
- Where is this data being stored?
- Who (in your organization) has access to my data?
- How are you providing safeguards to protect my data?
- When will you notify me (and the authorities) if my data has been compromised?
And I have a few rights:
- Access to my data at any time
- Modification of my data at any time
- Erasure of my data at any time
- Transfer of my data at any time
It’s that simple. OK – maybe not that simple, but I will help you through it. The complexity is in really understanding how YOU are going to fulfill your responsibilities and guarantee my rights. It’s Friday, so let’s not get into that just yet. We will delve into that topic next week. Until then – #Peace