GDPR gives users control over their data - Are you ready?
The principles of the GDPR
The general principles for processing personal data require that it is processed transparently. The purpose of processing has to be clear and legitimate. The amount of data processed has to be kept to the minimum required for that purpose. The data has to be accurate, and the storage time has to be limited to a period bound to the purpose. Additionally, the integrity and confidentiality of the data have to be protected. In short:
- Lawfulness, transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
Rights of the data subject
With the new GDPR it becomes more important to inform the customer, or any person whose data you process, about what happens to their data. What you have to be aware of is summed up in the following points:
- Transparency
- The right of the data subject to disclosure
- Right to erasure: The ‘right to be forgotten’
- Right to restriction of processing
- Right to data portability
- Right to object
One important step towards GDPR compliance: Encryption
The responsibility to comply with the GDPR lies with the companies that process personal data. They have to implement technical and organisational measures to ensure that data processing is done as per the regulation. Examples of these technical and organisational measures (TOMs) are pseudonymisation and encryption. Encryption is not the most important measure mentioned in the GDPR merely because it protects personal data appropriately: one of its central advantages is that it helps deal with the new obligation to notify data subjects in case of a personal data breach. With proper encryption in place, companies do NOT have to notify their users, because the data is protected accordingly.
Data Privacy:
By selecting the right cloud service provider and adopting standard practices, an organisation can be assured of data privacy even if it does not have defined processes or practices internally.
Are you impacted? I will talk about the operational challenges associated with the GDPR in the next post.