What is GDPR Compliance?
GDPR stands for General Data Protection Regulation. The purpose of GDPR is to support E.U. citizens right to protection of their personal data. GDPR accomplishes this by allowing individuals to understand what information organizations have on file for them, and giving individuals the power to rescind or control access to their data.
Who Must Follow GDPR?
GDPR is used for any organizations where the controller (i.e., the one who decides which data to process, why, and how) is established in one or more E.U. member states, goods or services are offered to individuals who may be located in the E.U. (natural persons only, not legal entities), and/or E.U. individuals’ behaviors are monitored. So basically, if you operate in the E.U., if you market to E.U. citizens, or if you monitor E.U. citizens behavior, then you must adhere to the standards set by GDPR.
What Are The Requirements of GDPR?
GDPR sets standards for how companies should process the personal data of citizens of the European Union.
- Lawful, fair and transparent processing – Companies must have a legitimate purpose for processing data, process data only for that purpose, and they must be transparent about what data they are processing and why.
- Limitation of purpose, data, and storage – Companies must only collect data which is necessary and they must not keep data once the initial purpose is fulfilled.
- Data subject rights – Individuals have the right to ask the company what information it has about them and how the company intends on using it. They also have the right to correct the data, object to processing, or even ask to be deleted.
- Consent – Clear and explicit consent from an individual must be obtained by a company before processing an individual’s personal data.
- Personal data breaches – Logs of personal data breaches should be kept, and if breached, notifications should be sent to individuals affected within 72 hours.
- Privacy by design – Companies should put organizational and technical mechanisms in place to protect personal data.
- Data protection impact assessment – When significant changes to the data processing procedure are made, an assessment should be performed to identify the impact on the privacy, security, and control of the data.
- Data transfers – Controllers of the data are accountable for the protection of personal data when being transferred inside, or outside, of the company.
- Data protection officer – A data protection officer should be assigned when there is significant processing of personal data in an organization.
- Awareness and training – Organizations must train and educate employees about GDPR compliant data handling best practices.
How To Get Started with GDPR
Data mapping is a good starting point when beginning your journey towards GDPR compliance. This practice allows you to identify what personal data you are collecting as well as how you’re collecting, using, protecting, and storing data, This allows you to compare your current practices to GDPR standards to see where you need to make adjustments.
If you need help with setting your company for GDPR compliance, Red Lion can help. Our GDPR services will assign you a dedicated GDPR compliance professional to help guide you and your organization through the process of achieving GDPR compliance.
Let Red Lion GDPR Services Assist With GDPR Compliance
Do you still have questions regarding GDPR? Red Lion GDPR services will set you up with a compliance professional that can help you to understand and comply with GDPR, regardless of complexity.
Contact Us Today