Help, are you GDPR ready yet?
The new GDPR law (General Data Protection Regulation) is right around the corner. With just 3 months to go, you have to be sure you are GDPR ready. In this blog post we explain the kind of changes the GDPR will bring and the consequences for your organization. With Microsoft you can be sure they are doing everything they can to be completely GDPR ready. They will make sure their cloud services are completely compliant with all the new rules and regulations.
What is the GDPR exactly?
The GDPR is a new worldwide law for privacy rights, security and compliance. The GDPR was introduced back in April 2016, but will be officially effective in the Netherlands from the 25th of May 2018.
This new law brings many new restrictions and demands to the table for residents of the EU. The residents will have more to say about who is using their personal data. The GDPR describes in detail how to manage and secure all personal data, while also respecting the particular choices of an individual for his or her data, regardless of where this data is sent, processed or stored.
Does this affect my organization?
Probably, yes. This law affects companies, government agencies, non-profit organizations and all other organizations offering goods and services to EU residents. Companies that collect, store and analyze personal data also have to abide by the rules. The GDPR is applicable to any type of organization, of all sizes and sectors.
You can find personal data being stored in, for example, client databases, feedback forms, e-mail content, photos, CCTV footage, loyalty program records or HR databases.
The 6 basic elements of the GDPR:
- Transparency about processing and using personal data
- To limit processing personal data and using it for specific legitimate ends
- To limit collecting and storing data for certain use
- To give individuals the right to alter or remove their personal data
- To limit the amount of time an organization can store personal data
- To secure personal data with an appropriate security method
A couple of examples
To give you a clearer picture of what this means, here are a few examples of new rights and restrictions:
- A resident of the EU has the right to know when an organization is using his or her personal data. They also have the right to demand that this data is removed or altered, and can refuse to let organizations use that data for marketing purposes.
- The right to data portability means that an EU resident has permission to move their data to another location and the right to full cooperation for this request.
- Securing the data is also an important aspect: it has to be confidential at all times. In the case of a security breach, the person responsible has to report it to the appropriate authorities within 72 hours. If it appears that there was a violation of the personal rights of a resident, you are to inform them personally.
- Organizations have to conduct a Privacy Impact Assessment (PIA) according to the authority guidelines for data protection. This way the impact on privacy of a certain project can be determined.
- Being GDPR compliant is not a simple adjustment, but a continuous process. If you do not comply with the rules, you are risking high fines.
Click on this link to read more about the GDPR and an explanation of some of the difficult terms used.
Microsoft technology can help you to comply
There are many tools and processes required when you’re re-evaluating all activities in the areas of privacy and data storage. With a well-built cloud environment and data management systems, you at least have a strong and reliable base.
When you are working with a Microsoft partner (like Referit), you can rest assured that the technology that is being used can be completely trusted. Microsoft can offer the most elaborate compliance portfolio within the technology sector.
We can also assist and advise you in creating the perfect course of action to take for your organization.
Contact us: firstname.lastname@example.org