Appropriate security and management of personal data is a major concern for businesses, especially now that the EU GDPR is in force. Companies, both private and public, have no choice but to keep up with its requirements and ensure GDPR compliance, which may mean a complete overhaul of the way they have handled data so far. If your enterprise is not sure what it means to be compliant, it is essential to understand GDPR at a basic level. In this post, we review three things that businesses must know about GDPR.
- EU GDPR is not entirely new
There were laws protecting personal data in the EU before, but they were not strong enough to hold companies liable for their actions or to impose meaningful economic and other sanctions. The GDPR holds companies accountable for how they protect personal data and for security breaches, with penalties that include heavy fines of up to 4% of global annual turnover or €20 million, whichever is higher. Companies are now required not only to comply, but to be able to demonstrate their compliance in how they handle personal data.
- GDPR will affect all companies
It is a common myth that GDPR does not affect a company unless processing personal data is its core business. No matter the nature or niche of your business, if you collect or handle the personal data of individuals in the EU, you have to comply with GDPR requirements. Companies have to be transparent about where personal data is stored, how it is handled, and how access rights to it are granted. In other words, it is not enough for your company simply to announce that personal data is protected; you will have to document and clarify who has access to it and why. If there is a data leak or another breach, the company must notify the relevant supervisory authority within 72 hours of becoming aware of it, and must also inform the affected data subjects without undue delay when the breach is likely to put them at high risk.
- Third-party insurance is not a way out
Companies must understand that taking out third-party insurance does not protect them from the losses and financial consequences of fines for non-compliance. In case of non-compliance, the financial liability rests with the data controller and the data processor. In other words, insurance is not an escape from GDPR compliance. Even if your company has chosen to outsource data processing, as the controller the responsibility is still yours.
Do not take GDPR requirements for granted, and if your company hasn't figured out identity and access management yet, it is time to take control.