Is your company currently protecting personal data and information for EU citizens? If you do have clients in the EU, not being compliant with data security and privacy laws could lead to a lawsuit.
Making sure your company is following the latest rules and staying up to date on compliance is crucial. Let’s dive deeper into how you can put together a strategy for data loss prevention.
What is the GDPR?
GDPR stands for the General Data Protection Regulation. These new policies are replacing the Data Protection Act of 1998 and rolling out much stricter standards for data security. The GDPR's goal is two-fold.
The first goal is to make sure that people have control over their personal information and how it is being used. The new regulations would address how cloud technology affects the security of personal data. The old laws were written before cloud technology was even developed.
The other goal is to create consistency amongst regulations across the EU. This will make it easier for businesses to comply with new standards and provide clearer direction on how to improve. Implementing this law on data loss prevention will help the market save roughly €2.3 billion.
When Does This Go into Effect?
This will be in full effect as of May 25, 2018. Companies and IT professionals are already beginning to prepare for the GDPR’s arrival. Some companies are having to restructure their entire IT practices. Even if you’re in the United States, you’re still affected if you’re handling data from citizens of the EU.
While this is an EU-wide regulation, in a recent survey, 28% of companies stated they were ignorant of steps their company is taking to prepare for the upcoming legislation change. Companies are responsible for making sure they fully meet the new standards. If a data breach occurs under the GDPR, they are liable. Fines could be upwards of 4% of global annual revenue.
Data Loss Prevention under GDPR
The data processed under GDPR is held to a stricter standard. It cannot be retained once the purpose it was originally collected for has been fulfilled. The data must be used lawfully and in a transparent way.
Instead of relying on passive acceptance, data collection must be actively approved by the recipient. A record of this consent must also be kept, with details about how and when they approved it.
Types of Data Protection
The GDPR protects a variety of data. Anything calculated from the web, such as IP address, RFID tags, cookies, and location, is protected under this act. Identity information, including name, address, email, and phone number, is also covered. Other data that is harder to quantify but still covered under this act includes health and genetic data, racial and ethnic data, political views, sexual orientation, and biometric data.
What Happens When There Is a Data Breach?
Companies that have suffered from a data breach must report it to all affected individuals and supervisors within 72 hours of detection. This data breach report will not cover all of the details of the breach, but enough that authorities can look further into it and provide a strategy moving forward.
Companies that are following the GDPR will become more reputable because they must demonstrate they are in compliance. Having these appropriate measures in place to secure customer data will push companies to be proactive about responding to data breaches, if and when they occur.
What Does This Mean for You?
If your data is being shared with a company in the EU, it will be more protected and safe than it’s been in the past. The organizations that have your data will use it with care.
At Extract, we’re all about protecting data, both yours and your customers’. That’s why we’ve implemented secure ways of extracting data from sensitive documents and always stay up to date on regulations regarding the redaction of personally identifiable information. If you’d like to learn more about how we protect data, reach out to us today.
About the Author: Kari Siegenthaler
Kari Siegenthaler is a Marketing Specialist for the Marketing Department at Extract. Kari attained her Bachelor of Arts degree in mass communications and convergent media at the University of Wisconsin – Eau Claire. Wearing the “hat of all trades,” she has an unusual, hybrid ability to write narratives, creatively craft meaningful messages, and design graphically compelling images. Kari is passionate about effective communication and developing strategy plans that allow Extract to succeed and excel way beyond their goals.