Other parts of this series:
GDPR is landing on 25 May 2018: all your questions answered
In this series on the EU’s General Data Protection Regulation (GDPR), I gave a detailed view of what the new regulations entail and how Accenture is using a technology-driven approach to add value to our clients’ GDPR journey.
With the deadline not far away, clients are asking more questions about what GDPR is and how it will affect their business. Media Post reports that between April 2017 and March 2018, searches for “GDPR” increased by 160 percent.
Here are 10 frequently asked questions (FAQs) about GDPR:
- What is GDPR?
General Data Protection Regulation (GDPR) gives individuals in the European Union (EU) control and protection of their personal data in a networked digital world.
- What is personal data and data protection?
Personal data is anything that could identify a person, either directly or indirectly. It includes a person’s name, phone number, social media contacts, even hobbies or interests. Sensitive personal data includes political affiliations, religious preferences and sexual orientations, which need to be processed with additional care and security.
- What is data protection?
Data protection means being proactive in how you go about ensuring that any data you obtain about individuals—whether customers or employees—is not leaked or misused in any way. It means respecting individuals’ right to be forgotten, give consent, not be profiled, suspend data use, portability, gain access to their own data, an explanation of usage or to be informed, remediation, and to be erased or deleted.
- What is privacy by design and by default?
Data protection is included from the onset of the design of systems. You design your systems centered on privacy as opposed to making it an afterthought.
- When is the GDPR deadline?
GDPR will come into effect on 25 May 2018.
Where is GDPR applicable?
GDPR applies to EU and non-EU companies that manage or process personal data of individuals and their activities in the EU. GDPR compliance is the obligation of both data controllers and data processors, even when they are third parties.
- How will GDPR be enforced?
Companies that don’t comply with GDPR will face penalties up to 4 percent of global revenue or €20 million, whichever amount is greater. Companies will have to answer to international compliance officers (ICOs).
- Why is GDPR being introduced?
GDPR has two goals: to give individuals control over their personal data and to simplify the regulatory environment for international businesses by unifying the regulation within the EU.
- How do I get ready for GDPR?
HR teams will have to demonstrate that they have processes in place to comply with new regulations. To do so, FS companies must find the right partner that provides not only software but can do a deep analysis of their systems and processes.
- What are GDPR requirements?
GDPR has eight requirements that reach across company operations and technology. They fit into the following categories: investment in human resources; increased data governance and inventory; data breach response; privacy engineering; third-party management; data erasure; data portability; and transparency to customers.
- What happens if a breach occurs?
The data controller must notify the relevant authority within 72 hours of the breach. This will be mandatory across all companies and departments, including HR, IT and payroll.
I hope you’ve found my series enlightening and that you’re ready to comply with GDPR. For more information, get in touch or have a look at these useful resources: