The internet has made it possible for anyone to do business anywhere in the world. It doesn't matter whether you sell homemade soap through a WordPress site or multi-million dollar services to the government: if your enterprise uses the internet, it is a global business. And as a global business, there's a whole host of rules and red tape regarding how you need to keep your customers' data safe!
GDPR news seems to be everywhere, and keeping up to date with what is relevant and what isn't can be difficult even for the largest and most sophisticated organizations. There are, however, some easy steps you can take to see whether GDPR is something you should concern yourself with. Emagined offers a helpful set of tools that will assess your enterprise's readiness to comply with the provisions of the GDPR (click here for more info). If that seems too much too soon, Microsoft has a publicly distributed Excel file that we can email to you as a quick self-analysis. Fill out the information below and we'll send you the Excel file.
If you know GDPR is relevant to you, then ask yourself:
What PII data do we collect and/or store?
Are we transferring the personal data outside the EU and if so, do we have adequate protections in place?
Have we obtained it fairly? Do we have the necessary consents required and were the data subjects informed of the specific purpose for which we’ll use their data? Were we clear and unambiguous about that purpose and were they informed of their right to withdraw consent at any time?
Are we collecting or processing any special categories of personal data, such as ‘Sensitive Personal Data’, children’s data, biometric or genetic data etc. and if so, are we meeting the standards to collect, process and store it?
Are we ensuring we aren’t holding it for any longer than is necessary and keeping it up-to-date?
Are we keeping it safe and secure using a level of security appropriate to the risk? For example, will encryption be required to protect the personal data we hold? Are we limiting access to ensure it is only being used for its intended purpose?
General Data Protection Regulation
It's tempting to ignore the GDPR as hyped-up security nonsense that doesn't apply to you, but that would be a mistake, and potentially a costly one. The GDPR went into effect in May 2018 and is specifically worded to apply to any company interacting with residents of the EU, regardless of the company's location.
In other words, if you collect personal data on a single customer from any EU country, the GDPR applies. You may want to check this out. Take our quick 10 Question Quiz to find out if you need to be concerned about GDPR. Or, contact us for a free consultation. We’re happy to help out where we can.
For more information about GDPR and how Emagined can help, visit our website.