What is GDPR?
We live in an age where the security of user data – what is both provided and collected – is becoming increasingly important. And measures are being taken to ensure that companies comply with best practices.
On May 25th, 2018, the General Data Protection Regulation (GDPR) will go into effect. GDPR is a European Union (EU) law that affects all companies that offer goods or services to EU subjects – even if that company has no physical presence in the EU.
The law puts limits on how personal data is collected, stored, shared, and made available. Fines for non-compliance with GDPR can be up to 20 million euros or 4% of a company’s annual global turnover – whichever is larger.
With severe financial repercussions at stake, it’s important to be familiar with the upcoming implementation deadline for the new GDPR, and with the ways you can prepare.
What tools are available to prepare for GDPR?
PwC – a professional services consulting firm in the UK – has a great portal explaining more about the regulation.
One of the best breakdowns of the GDPR journey – and of GDPR readiness – is the set of five distinct phases identified by PwC, which can be found about halfway down their page.
- Conduct a Readiness Assessment: Gather information to assess your organization’s current GDPR compliance maturity, and to help understand your critical legacy risks.
- Find Remediation Gaps: Identify existing privacy capabilities and the work that needs to be done to bring your organization into GDPR compliance.
- Establish Oversight: Put your organization’s ongoing GDPR governance structure and model in place to coordinate and implement your remediation activities.
- Implement Your Program: Get your GDPR program off the ground, remediating gaps and establishing a privacy program.
- Conduct Operation & Monitoring: Once GDPR is in effect and your program is in place, conduct ongoing compliance to drive continued accountability.
While the phases may seem complicated, Microsoft has a free assessment tool that ties closely to the Discovery step, providing a high-level evaluation of a company’s GDPR readiness. IBM also has a portal about GDPR readiness for those interested in another set of resources and assessment tools.
If you’re interested in diving into the full text of the GDPR, you can find more in-depth information here.
Can Fresh offer my company assistance and consultation in preparing for GDPR?
Absolutely. After you understand your GDPR readiness and are ready to move on to planning, taking action, and monitoring your ongoing compliance, Fresh can offer guidance. While we are not attorneys and cannot certify compliance with the GDPR, we understand the design and development considerations surrounding GDPR.
Key considerations include obtaining clear consent for personal data processing, defining your data policy in plain language, being able to receive and respond to data correction, erasure, and transfer requests, and more.
As the data privacy movement gains momentum, it’s important for companies to be prepared. If you’d like to talk more about how your website or web application can be made more GDPR-compliant, we’d be happy to help!