“Privacy regulation is entering a new era!”
General Data Protection Regulation
The General Data Protection Regulation, or GDPR, will come into effect in May 2018. This new European privacy law focuses on how the data of EU residents is collected, stored, or analysed, and it affects anyone handling such data, including companies, government agencies, and non-profits.
It applies even if the organisation itself is not located within the EU. Organisations that fail to comply with the new rules could face fines of up to €20 million or 4% of the company’s annual turnover, whichever is higher.
GDPR Key Changes
Personal Privacy – Individuals:
• Have the right to access their personal data.
• Must be able to correct errors in their personal data, or erase the data completely.
• Should be able to object to their data being processed.
• Must be able to choose to export their data.
Data Control – Organisations are required to:
• Use appropriate security methods to protect data.
• Notify authorities of any personal data breach.
• Acquire the appropriate consent for data processing.
• Keep records of any data processing that takes place.
Transparent Data Policy – Organisations are required to:
• Provide clear notice of any data collection.
• Outline their processing purposes and use cases.
• Define both their data retention and data deletion policies.
IT and Education – Organisations will need to:
• Train specialised privacy personnel and employees.
• Audit their data policies and update them accordingly.
• Employ a Data Protection Officer.
• Create and manage vendor contracts that are compliant with the new rules.
What Does GDPR Mean For Your Data
GDPR demands stricter controls on how personal data is stored and used. It requires the use of better data governance tools, to facilitate transparency, thorough record keeping, and diligent reporting. GDPR improves existing data policies to ensure data subjects have control and that any data is processed lawfully.
How To Begin With GDPR
It is vital to prepare your organisation for the new regulation now.
The General Data Protection Regulation (GDPR) may affect how you can collect, store, and use personal information. This can include:
• How you identify personal data in your system.
• How you store personal data.
• What transparency requirements you must work to.
• How personal data breaches are detected and reported.
• What training is considered appropriate for employees.
It is a comprehensive set of new requirements to adhere to. It is important to begin the process of reviewing your data management and privacy practices right away.
Organisations must be in full compliance with the regulations by May 2018. Compliance is vital – not only could noncompliance result in substantial fines, but it is also likely to result in significant reputational damage.
Four Key Steps
There are four key steps we highly recommend as a starting point for attaining full compliance with the GDPR. Microsoft offers a range of products and services that are robust solutions to these four key issues.
cloudThing can assist you to build the new GDPR requirements into your business models, ensuring you achieve full compliance and can maintain it. We can enable you to create stronger privacy, security, and data management practices that could transform your business.
A Powerful Solution: Microsoft and The GDPR
GDPR becomes law from the 25th May 2018 and Microsoft was the first major cloud provider to commit to achieving full compliance before the enforcement date. As we are a Microsoft Gold Partner, our customers can benefit from Microsoft’s long-term commitment to security, to privacy, and to full regulatory compliance and transparency. These commitments are reflected in the Microsoft products that we provide.
Microsoft are investing £11bn into their cloud platform and security is fundamentally at its core. The cloud platform already offers a comprehensive set of compliance capabilities – more than any other cloud provider. Microsoft products will continue to embrace this ethos and support organisations to meet GDPR requirements by working to ensure all products and services are fully compliant by the May 2018 deadline.
GDPR’s requirements can be met through Microsoft’s cloud and on-premises solutions. They can be used to locate and catalogue personal data, to build a secure data storage environment, and to manage, monitor, and report on data as necessary. Microsoft provides tools and resources that can help your business to prepare for GDPR and attain full compliance with it.
GDPR Compliance Solutions Include:
• Dynamics 365.
• Office 365.
• Microsoft Cloud.
To learn more about the ways Microsoft solutions can help your organisation prepare for the new GDPR, contact one of our senior consultants today.
The team deliver a unique blend of strategic insight and practical delivery, and understand the need for IT solutions to be commercially-driven. They are pragmatic, transparent and communicate extremely effectively.