On May 25, 2018, the General Data Protection Regulation (GDPR) will come into force, and will change how organisations store, secure and manage personal data.
GDPR will affect the whole of the EU Zone, which currently spans 28 member countries and half a billion citizens. Its goal is to unify data protection across the European Union, but because it applies to individuals within the EU or the European Economic Area (EEA), companies outside these zones will still have to meet the standards if they want to continue using data from customers in the EU.
The purpose of the new regulation is to give control of personal data back to the owner of that data. Every organisation should be aware that with GDPR come huge fines for data breaches – up to four percent of annual global turnover or €20 million, whichever is greater. Therefore, the consequences of any data loss could be financially devastating for any company.
The data in question could be usernames, location data, online identifiers like IP address or cookies, or passwords. The loss of personal or work-related information – whether that’s access details, passwords, or any other customer data – is endemic today; almost 1.4 billion data records were lost in 2016 alone, an increase of 86 percent compared to the year before.
After next May, organisations will have 72 hours to disclose any serious data breaches to the relevant authorities (in the UK, the Information Commissioner’s Office, or ICO), as well as to the victim of the breach. The penalty for failing to notify them of a breach will be up to €10 million, or two percent of revenues.
The ability to ensure confidentiality, integrity, availability and resilience will be crucial – as will be restoring data in a timely manner in the event of an incident. Organisations will need a process for testing and evaluating the effectiveness of their security processes, meaning they will need to demonstrate they have taken adequate steps to protect the data.
Consensys7 specifically provides a solution to meet your Article 7 obligation. This states:
GDPR Article 7
“Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to the processing of his or her personal data.”
As with any legislation, there are many ways to comply. However, if you want a solution designed from the ground up to give your customers and prospects direct access to their preferences, put them in control of the communications and ensure legal compliance, then Consensys7 is the product for you. Give us a call!