GDPR is the biggest change to data protection ever. Not only does it build upon the European data protection requirements that were already in place regionally, but the extraterritorial nature of this law means that it is not just companies in Europe who are busily implementing changes to their systems and business practises to ensure compliance.
GDPR is extraterritorial, this means that companies in countries outside of Europe are finding themselves having to comply
Any company irrespective of their location, who processes the data of those who reside in Europe must process that data in accordance with the GDPR or face the potential consequences of fines of up to the greater of €20m (approximately $22m/£17m) or 4% of annual global revenue. With teeth like those, it is no wonder that companies around the globe are busy improving controls, installing new software, updating policies and procedures as well as updating their business processes to ensure that they are compliant for the May 25th 2018 date of enforcement.
Data Subjects have the right to request their data as a data extract in a standard file format
One of the big changes in the GDPR, is the enhancements of the rights of the data subject, these build upon the rights that were part of the previous data protection requirements. Amongst the ones that are causing some companies real challenges are:
The Right to Data Portability
Data subjects have the right to request a data extract in a machine readable, industry standard (such as XML or CSV format). This is causing some sectors real concerns for customer attrition.
The Right to Manual Processing
Where automated systems or algorithms are used for decision making, (for mortgages and loans for example), data subjects have the right to request that their case be processed or reviewed manually.
How to Prepare for the GDPR
Fifth Step is helping companies around the world with their data privacy and protection requirements, particularly those relating to GDPR (EU regulation) and NYCRR500 (New York Department of Financial Services requirements). The following describes the approach that Fifth Step recommends their clients follow:
An important part of your data categorisation process is to ensure that you are categorising both structured data (data held in databases) and unstructured data (files and documents). Many organisations understand the need to deal with their databases, but fall-short when it comes to unstructured data. This is very much an area where your Seclore system and document classifications can help you. If you have already implemented Seclore then you are already ahead of non-Seclore businesses.