The General Data Protection Regulation (GDPR) applies to every organization, irrespective of its location or geography, that stores, processes or transmits personally identifiable information (PII) of European citizens. The onus is on all such organizations to be compliant by May 2018.
The big question is what counts as PII: any data that pertains to or reveals information about you, such as date of birth, place, IP address, MAC address, cookies, health records, or social or economic status.
GDPR will bring a revolution across all industry sectors (BFSI, IT, healthcare, FMCG, schools, universities). Organizations need to align their current strategy and direction with safeguarding users' (individuals') PII data: re-aligning the current framework, policies, processes, privacy by design, privacy by security in applications, pseudonymisation and technology in the direction of protecting every user's PII data.
Individuals have always had fundamental rights over their personal data, which has been sitting in systems for ages, but those rights were not enforced. GDPR lawfully mandates that PII data is protected under the laws and articles laid down by the GDPR governing body, and this will be beneficial to all users. If an organization wants to process or control an individual's data, it needs to take consent from that user; without consent, no organization can use a user's personal data. Even if data is breached or leaked after the user's consent, the organization needs to report the incident to the concerned GDPR authorities within 72 hours.
GDPR compliance will involve a lot of time, effort and money, because you will not only work on the technology front but also on awareness among employees. Spreading awareness is a key step to success. Techniques such as posters and quizzes can be used to make employees and partners aware of the consequences if data is compromised. The whole gamut of information security will be more focused on and aligned towards safeguarding PII data, preventing leakage and stopping any unwanted use or misuse of data.
The buzz everywhere is: how to go ahead, that is, how to become compliant. Various data privacy bodies are coming up with all the relevant ways to achieve compliance.
The suggested journey is to start with an “as-is” assessment: a data flow assessment or an infrastructure assessment. Happiest Minds GRC & Data Privacy consultants can guide organizations on where they stand in terms of maturity and help them prioritise the key areas to strengthen or work on in order to be GDPR compliant.
The consequences of failing to comply with GDPR will be reputational loss, loss of customer trust and relationships, and business loss. Heavy penalties and fines result in brand damage.
In conclusion, GDPR brings a revolution by giving users fundamental rights over their personally identifiable information, with 5 key rights: the right to be informed, the right of access, the right to rectification and erasure, the right to restrict processing, and rights in relation to automated decision making and profiling.
Vishal Kapoor, Practice Lead, GDPR, Happiest Minds Technologies.