How-to: Understand and Implement GDPR Compliance Before May 2018

We now operate in a global landscape where data has quickly become a powerful currency. Collecting customer data is routine, with Internet automation driving our businesses.

But pre-checked boxes and implied consent won’t count as consent come May 25, 2018. That's when the European Union’s General Data Protection Regulation (GDPR) takes effect.

GDPR has one simple goal: Empower EU citizens by giving them complete control over their personal data and privacy.

As a company, this move might seem redundant to you. 74% of businesses don’t consider their ‘privacy track record’ as a top issue for consumers when they decide who to do business with.

Nonetheless, 92% of US consumers don't want “their browsing data sold or shared without permission.” 88% of European customers view “data security as the most important factor when choosing where to spend their money.”

Before we delve into how the GDPR will redefine your business, let’s first understand what this regulation entails.

What does GDPR involve?

If your organisation (a company or a public body) collects, holds, or uses personal data of individuals in the EU for any business-related purpose, you are responsible for the data protection and compliance obligations set out in the regulation, regardless of where the organisation is located.

So, whether it’s for hotel reservations, marketing, or advertising, you’ll need to be GDPR compliant from May 2018.

This holds even if you’re a third-party service provider (a processor) handling data in order to offer goods and services to people in the EU, or monitoring the behaviour of data subjects within the EU.

Data subjects, i.e. your customers, have the final say over how companies use their personal data, which the GDPR defines as any information that identifies an individual directly or indirectly.

The individual is at the core of data protection with increased enforcement and tough fines for noncompliance. 

Under the GDPR, customers have the right to erasure (the “right to be forgotten”), the right to know how their data is being used and stored, the right to be notified when a data breach poses a high risk to them, and the right to data portability.

73% of privacy professionals see the GDPR as “the single most important advancement in privacy history” in the last 20 years.

What defines personal data?

There are two main categories you need to consider with GDPR compliance:

➢ Personal data

➢ Sensitive personal data

Personal data includes: name, location data, IP address, cookie identifiers, identification numbers, and RFID tag identifiers.

Sensitive personal data (the GDPR’s “special categories”) covers health, genetic and biometric data, racial or ethnic origin, sexual orientation, political opinions, religious beliefs, and trade union membership. Processing it is prohibited unless a specific exception applies.

The GDPR sets no minimum number of data subjects: its obligations apply however many individuals’ data you process. The only size-based relief is that organisations with fewer than 250 employees are exempt from some record-keeping duties, and even then not where the processing is regular, risky, or involves special categories of data.

Benefits of the GDPR

  • The regulation applies directly in every EU member state, so you follow a single set of rules across the EU.
  • GDPR will inspire thorough company privacy and security review. This gives you an opportunity to instill customer trust through transparency.
  • With your implementation of the GDPR, consumers will see you as a reliable brand that empowers them.
  • You can innovate and become an industry leader in streamlining consumer data access and storage.

Challenges of the GDPR

Quick note: If you haven’t introduced GDPR-compliant measures in your business yet, you’re already at a massive disadvantage.

  • If your company doesn’t comply, you’re liable for a fine of up to 4% of your annual global turnover or 20 million Euros, whichever is higher.
  • You must regularly assess risks, employ appropriate technical and organisational safeguards, and report personal data breaches to the supervisory authority within 72 hours of becoming aware of them, unless the breach is unlikely to pose a risk to individuals.
  • You’ll need to understand and implement the right standard of care, whether you’re a local fast food chain building its email list or a multinational company handling sensitive data.

Checklist to becoming a GDPR-compliant data controller or processor:

Wherever you are in the GDPR implementation process, you can use this checklist to review and plan the next steps in building your data compliance, transfer, and recovery infrastructure.


➢ Determine your position under the GDPR (controller, processor, or both)

➢ Conduct a risk assessment through data-flow mapping and gap analysis

➢ Appoint a Data Protection Officer where the regulation requires one (public bodies, and organisations whose core activities involve large-scale monitoring or special categories of data)

➢ Integrate privacy by design and by default

➢ Review cross-border data flows and the legal basis for each transfer

➢ Consolidate data storage wherever possible

➢ Maintain accountability records for every personal data processing activity

➢ Employ end-to-end security measures

➢ Approach data compliance proactively

➢ Put consumers first

➢ Be ready for consumers exercising their rights

. . . .

Data is one of the most valuable assets a business has nowadays, which means data protection is more than a legal obligation: it strengthens your brand and your customer relationships.

Yes, you might have to treat every data point as if it belonged to an EU resident, hire technical expertise to carry out the overhaul, and spend heavily to ensure GDPR compliance, internally and externally.

But when you approach the GDPR in a holistic, detailed manner, you can build a rewarding relationship with consumers based on trust and transparency.

© 2019   Created by Santosh.