Understanding the landscape of GDPR law can still seem overwhelming to businesses as they make every effort to ensure that they are compliant.
GDPR law was brought into force across the EU to protect individuals by regulating how their personal data is captured, used and stored.
The GDPR law includes:
- The right to be forgotten
- The right to be informed
- The right of access
- The right to rectification
- The right to restriction of processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making and profiling (the right not to be subject to a decision based solely on automated processing)
Beyond the individual rights, there are several practical points every business should be aware of:
- US-based companies need to comply – Initially many businesses outside the EU thought that they wouldn’t need to comply. The reality is that if they offer goods or services to, or monitor the behaviour of, people in the EU, then yes, they do, wherever they are based.
- Customers’ identities must always be authenticated – When companies release data, for example in response to a subject access request, they must ensure that it is going to the right person. Failing to verify the requester’s identity beforehand leaves an ‘open door’ to extremely important and private information. The GDPR itself (Article 12(6)) allows a controller to ask for additional information to confirm identity where it has reasonable doubts.
- Controlling third parties – The right to be forgotten means exactly that. Ensuring that third-party organisations within the supply chain have also deleted the contact’s data when you delete yours is absolutely essential: contracts with processors should require them to delete or return personal data at the end of the service (Article 28), and a controller that has made the data public must take reasonable steps to inform other controllers processing it of the erasure request (Article 17(2)).
- GDPR-style regulation is emerging globally – GDPR is widely regarded as a positive step and a model for other jurisdictions. As other countries adopt GDPR-style regulation or a similar version, no company will be exempt just because it is not in the EU.
- Having an incident plan post breach – Enza Iannopollo, senior analyst on Forrester’s Security & Risk team and a Certified Information Privacy Professional (CIPP/E), explains that customers aren’t interested in how a data breach happened. They just want to know how they will be protected going forward and what they should do to protect themselves. Businesses need a plan in place so that when they contact customers, they know what to say and how to begin fixing it. By law, a company must notify the relevant supervisory authority of a personal data breach within 72 hours of becoming aware of it, where feasible (Article 33), and must inform the affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Article 34).
- Training in GDPR – A data breach can come in many forms and is not only the result of IT systems being hacked. A breach can occur when staff store or share information carelessly, when a device is lost, or when old equipment that still holds data is disposed of without being securely wiped. Training staff to think in terms of their GDPR obligations is key to a safer future for customers and businesses and will reduce the risk of further repercussions.
Has your company faced a data breach or are you looking to review or increase your existing level of protection? Here at Crendon Insurance Ltd we provide the necessary structures to companies so that they may analyse and improve their company culture towards GDPR and data protection through GDPR insurance. To find out more, please contact our data protection / GDPR insurance team or find further reading on our data protection / GDPR insurance website page.