It’s everywhere! You have heard your colleagues talking about it, most companies are working on the concept, discussions are happening, changes are being made, and you have often run a search on it yourself to learn more. So what is GDPR, and how is it going to change the way we have been doing things so far?
Well, GDPR, the General Data Protection Regulation, is one of the most important pieces of legislation today. Some industries are in chaos right now because most of them have policies that do not comply with GDPR and hence need changes.
However, looking at the long-term benefits for consumers, GDPR has brought about some very stringent laws to protect individuals' information and their rights. If enforced in the right manner, the new rules can leave consumers highly protected and secure.
GDPR will be implemented in just about a month from now (the official implementation date is 25th May 2018). Here are some basic yet essential things that all firms need to bear in mind before the big day comes:
1. Know the core objective of GDPR:
Instead of reading pages and pages to understand GDPR, just know the basics of the act. The main reason behind implementing GDPR is to ensure that individuals have complete authority over their data even when it is held by someone else (another company, for that matter), and that companies are more transparent about the data they sit on. In the end, any individual can ask a company to delete the data it holds on him/her for any reason whatsoever, and the company needs to do so immediately.
2. Collection and storage of data:
GDPR states that personal data relating to any employee should be handled with the utmost care and stored only as long as it is required. With this policy in place, it becomes easy for both companies and employees/clients to keep only the essential data and let go of what is not needed, saving time, effort and money for both.
3. Ensure that stored data is secured:
Data breaches have become one of the most hazardous aspects of storing data, and under GDPR a breach could lead to great penalties. Hence, ensuring that the data stored and used by a company is safeguarded is a priority. Similarly, data should not be stored on external devices such as flash drives, disks, etc. that can be accessed by anyone and easily misused.
4. Data safety responsibility:
As per the GDPR norms, the entire company needs to be educated about GDPR, but it is also important to have a designated individual wholly responsible for taking care of data. This person (the Data Protection Officer) should be well aware of, and trained in, his duties. For a larger organization, an additional Chief Data Officer or Privacy Counsel can also be appointed.
5. Treat data right:
The simplest way to look at this is to ensure that the data you hold is treated in the same way that you would expect your own data to be kept. So go the extra mile: invest in the necessary people and infrastructure to prevent misuse and ensure security, and you will lead with GDPR.