GDPR was passed by the European Union in 2016 with a two-year window for companies to comply. The number of companies and organizations impacted by this legislation has been described as “enormous” so it’s best practice to assume an organization that collects personal data must comply. Although the regulation goes into effect today, it will cover personal data collected prior to this date. Here are the top 5 things you should consider related to your personal data and new GDPR guidelines:
1. Data breaches:
GDPR requires companies to notify the Information Commissioner’s Office within 72 hours of a breach. This will likely result in far more notifications of breaches. While knowledge is power, there’s a risk that people will be notified so frequently of information breaches that they’ll no longer follow up to see if their data has been compromised.
2. Opt-in not opt-out:
Previously, you’ve shared most of your personal information by leaving the default selection to share upon signing up for a service or app. Now, you’ll have to actively consent or opt in to sharing your personal data. We hope this will make people more carefully consider with whom and when they share their data.
3. The right to be forgotten:
GDPR requires that a request to delete data, like in a profile or browsing history, must be granted with full erasure. GDPR specifies that it is the responsibility of the original data collector to notify other organizations that might have also accessed that data so that those copies can also be deleted. This includes Google and social networking sites.
4. No fees:
Consumers can now request access to their data. Companies can’t charge a fee for that access, and they must fulfill the request within 30 days.
5. Defining personal data:
The definition of personal data is very broad. It includes photos, social media posts, medical information, IP address, and banking data.
GDPR compliance has certainly forced some significant worldwide changes to the way personal data is collected and stored. The outcomes, both anticipated and unanticipated, are not yet known. We’ll continue to observe the state of data security, data loss security, and recovery options if data is lost. If you’ve been impacted by GDPR, especially unexpectedly, please let us know in the comments.