Biggest Challenges of the General Data Protection Regulation

Call To Games — Jun 2017

We are nearly a year away from the European Union’s General Data Protection Regulation (GDPR) taking effect.

The regulation will affect the thousands of businesses around the globe that store and manage the personal data of European citizens, and preparing for compliance is currently on everyone’s mind.

There is no single GDPR solution that makes a business ready for the regulation. Transforming data and data processes is a lot of work; below are some examples.

  1. Identity resolution

     Companies with several systems, databases, and customer data entries need to work out which records belong to each individual and present the most valid and up-to-date personal data for that person.

  2. Consent overview

     Once the GDPR applies, organisations will have to adopt a stricter consent process before they can store and use an individual’s personal data. Furthermore, consent must be specific to distinct purposes. In some cases, businesses will need to link each individual to the various processes he or she has agreed to, such as newsletter subscriptions, online purchase histories, campaign cookies, etc.

     Businesses will need to be able to provide an overview listing these distinct purposes.

  3. Identify associated data

     The processes described in #2 each rely on different data. For instance, a business needs a name and email address to send a newsletter; profiling someone for customised marketing may require name, gender, nationality, age, preferences, and perhaps social media handles.

     Businesses need to identify the data categories that go with each processing purpose, and match and link the two.

  4. Data governance

     The last step is setting up a data governance framework and business rules for the data flow.

     How long is this data valid? Determine how long the data remains useful and set a validity period accordingly. This is necessary because the GDPR’s new storage limitation requirement means you may only keep data for as long as it is needed for the purpose it was collected for.

     Who has access to it? Restrict who can see and use consumer data to the people within the organisation for whom it is critical. For instance, social media handles may be relevant only to certain marketing and sales staff, while the finance department does not need access.

     Source: http://blog.stibosystems.com/the-four-biggest-pers...
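As an added illustration (not code from the newsletter, Celfocus, or Stibo Systems), the following Python sketch models the four challenges together: a purpose-to-category map, a per-subject consent overview with validity periods, a storage-limitation check, and an access check that releases only the categories a purpose needs and a role requires. The purposes, categories, roles, and the sample subject are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed mapping: each processing purpose -> the data categories it needs (#3)
PURPOSE_CATEGORIES = {
    "newsletter": {"name", "email"},
    "marketing_profiling": {"name", "gender", "nationality", "age", "preferences", "social_handles"},
}
# Constructed mapping: each role -> the categories it has a business need for (#4)
ROLE_CATEGORIES = {
    "marketing": {"name", "email", "gender", "age", "preferences", "social_handles"},
    "finance": {"name", "email"},
}

@dataclass
class Consent:
    purpose: str
    granted_on: date
    valid_for_days: int  # validity period set by the governance rules (#4)
    def is_valid(self, today: date) -> bool:
        return today < self.granted_on + timedelta(days=self.valid_for_days)

@dataclass
class Subject:
    record: dict  # the resolved, single view of one individual (#1)
    consents: list = field(default_factory=list)

def consent_overview(subject: Subject, today: date) -> dict:
    """Consent overview (#2): purpose -> whether consent is currently valid."""
    return {c.purpose: c.is_valid(today) for c in subject.consents}

def permitted_view(subject: Subject, role: str, purpose: str, today: date):
    """Release only fields that the purpose needs, the role needs, and valid consent covers."""
    consent = next((c for c in subject.consents if c.purpose == purpose), None)
    if consent is None or not consent.is_valid(today):
        return None  # no valid consent for this purpose: nothing leaves
    allowed = PURPOSE_CATEGORIES[purpose] & ROLE_CATEGORIES.get(role, set())
    return {k: v for k, v in subject.record.items() if k in allowed}

def categories_to_erase(subject: Subject, today: date) -> list:
    """Storage limitation: stored categories that no currently valid purpose still needs."""
    needed = set().union(*(PURPOSE_CATEGORIES[c.purpose] for c in subject.consents if c.is_valid(today)))
    return sorted(set(subject.record) - needed)

# Constructed sample subject: the 2017 profiling consent has lapsed by mid-2018
TODAY = date(2018, 6, 1)
ALICE = Subject(
    record={"name": "Alice", "email": "alice@example.test", "age": 34, "nationality": "PT", "social_handles": "@alice"},
    consents=[Consent("newsletter", date(2018, 1, 1), 365), Consent("marketing_profiling", date(2017, 1, 1), 365)],
)
```

With the sample data, the finance role sees only name and email for the newsletter purpose, the lapsed profiling consent releases nothing, and the profiling-only categories are flagged for erasure.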

What is GDPR?

The European Union’s General Data Protection Regulation (GDPR) is a data protection regulation that will have a strong impact on organisations and change the way these handle their personal data. It was developed with the intention of strengthening and unifying privacy rights and data protection for all.

Starting 25 May 2018, organisations will face stronger restrictions regarding the methods used to process and access personal data. The key changes that will result from the GDPR are the following:

  • stricter definition of what is personal data;
  • enhanced rights for individuals;
  • the principle of data minimization;
  • stricter consent rules;
  • data breach notifications;
  • increased accountability;
  • and substantial fines.

How does this affect Celfocus?

Some of our customers have already expressed concerns about this regulation. Celfocus must therefore assist its customers with their internal compliance projects and take the regulation’s requirements into account in the solutions it proposes.

If you want to know more about this regulation, please contact the Information Security Team (information.security@celfocus.com).

What happens when you dare expert hackers to hack you?