GDPR data protection guide

What is GDPR?

Privacy is now a requirement.

The GDPR (General Data Protection Regulation) is a law that requires companies to take additional steps to secure their data and to give users the option to have all their personal data removed on request.

This applies to all companies processing the personal data of data subjects residing in the European Union. It is basically a law that aims to protect and empower all EU citizens' data privacy.

Enforcement date: 25 May 2018, at which time organizations in non-compliance will face heavy fines.

Is your business affected?

If you collect any data of EU members, YES.

The GDPR protects the following types of personal data:

  • Basic identity information (name, gender, ID numbers, etc.)
  • Web data (location, IP address, RFID tags, cookie data)
  • Biometric data
  • Political opinions
  • Sexual orientation
  • Racial or ethnic data
  • Health and genetic data

Personally Identifiable Information (PII) is anything that can be used to determine the identity of an individual. That includes their name, email, address, phone, birth date, or anything more specific such as an IP address, GPS data, etc.

What can we do for you?

We can help you process private data securely and ensure compliance with the new GDPR law.

1) We can help you store users' personal data separately from information about an individual's actions.

In case a breach affects your system, there won’t be leaks that can tie the information to a specific individual.

2) We can help you document the user's personal data and the sources it came from, while also keeping records of any data processing activities. These records need to be created and maintained by a process that registers information sensitivity, storage period, availability and so on.

3) You also need to be prepared for a personal data leak, so that you can notify authorities and alert users no later than 72 hours after the leak was detected.

We can put a system in place that collects any logs and breach information and creates an automatic report that top management can quickly review to decide on the next steps to take.

4) Companies will have to provide users with the right to remove all their personal data from the system. That means that any user can request the deletion of their own records and you must comply.

In order to achieve this, all connected data must be automatically deleted. We can query the database and make sure that the connected information is removed safely.

5) You’ll also need to hire a Data Protection Officer, be it a staff member or an external service provider – this is the new industry requirement for any company that does ‘regular and systematic monitoring of data subjects on a large scale’.

Get a free review of your data

Get in touch with us and we'll help you become compliant with the GDPR.