The GDPR is a comprehensive data protection law effective from May 25, 2018 that strengthens the protection of personal data in light of modernisation, rapid technological developments and more complex data flows. It provides more power to the individuals whose personal information is being processed. It updates and replaces the data protection laws currently in place with a single set of rules, directly enforceable in each country.
Besides strengthening and standardising user data privacy worldwide, GDPR will impose new or additional obligations and liabilities on data controllers and data processors. GDPR focuses on lawful processing of data, transparency to data subjects about the processing activities performed on their data, keeping data accurate, restrictions on marketing activities, processing that involves automated profiling of personal data, and disclosing personal data to another party only after ensuring proper technical and organisational measures are in place.
Countries have substantially expanded the definition of personal data under the GDPR. To reflect the types of data organisations now collect about people, online identifiers such as IP addresses, cookies, sensitive data such as a person’s health records, and criminal records also now qualify as personal data. Pseudonymised personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is.
Data: Govern and ensure the quality of data, and assess what data is in use and its purpose. This is crucial for offering the transparency and trust that GDPR demands.
Governance: Translate GDPR into actions, norms and values. Consider the effective measures which need to be taken.
Security: Protection of the fundamental privacy rights, e.g. protecting the security and confidentiality of personal data, and providing proper use, notice, consent, choice, access, rectification and erasure.
People: Train employees on GDPR requirements. Employees need to understand the risks and impact of improper data use. Identify the impact of GDPR on processes and what changes may be required.