Fast FAQs about the GDPR
January 30, 2018
What is it?
The General Data Protection Regulation (GDPR) is a new European Union privacy law that goes into effect on May 25, 2018. It gives people in the EU more control over their personal data. Many consider it the new gold standard for how organizations should handle personal data: it replaces the 1995 Data Protection Directive, a law that predates most of the modern web and had not been substantially updated in more than 20 years.
Who will it affect?
The short answer: almost everybody. The law applies to a sweeping range of organizations around the world: any organization that collects or processes personal data about people in the EU, regardless of where the organization itself is based. So it is a huge deal for organizations everywhere, including the United States and other countries beyond the EU.
How will it affect your organization?
It depends on your size and what your organization does. But in general, the law imposes requirements on how you collect and process personal data. Among other things, you need to:
- Process personal data lawfully, fairly, and transparently
- Use personal data only for the specific purposes you told users about when you collected it, and only on a lawful basis (such as consent, a contract, or a legitimate interest)
- Minimize how much personal data you collect and store (and limit how long you keep it)
- Make sure the personal data you do store is accurate and kept up to date
- Keep personal data secure, complete, and confidential
- Report a data breach to your supervisory authority within 72 hours, and tell affected users without undue delay when the breach is likely to put them at high risk
- Honor users' rights over their data, including access, correction, deletion, and portability
How can you get ready?
Complying with the law’s 160+ new requirements will take time, tools, process, and expertise across your entire business. You will likely need to change the way you protect, store, manage, and communicate about personal data. You might need to roll out new software. You will certainly need to roll out new business processes. And you will need to do it all before the deadline or face hefty fines: the law allows penalties of up to €20 million or 4% of worldwide annual turnover, whichever is higher.
There are many resources out there to walk you through the steps you should take to get ready. A great place to start is the Microsoft GDPR compliance site, which shows how Microsoft solutions can help. Also make sure to check out the 12-step checklist put out by the Information Commissioner’s Office (ICO), the UK’s data protection regulator. Each EU member state has its own supervisory authority, but the ICO’s guidance is a clear, widely used starting point.
For an even deeper dive, Gartner released a readiness schedule with 60 actions you can take across 9 areas, including dates and durations. It’s a great way to benchmark whether you’re on track. For example, they suggest that one of the things you should be doing this month is creating and publishing a new privacy notice.
How do I get help?
Many companies are finding that it is best to get help from an expert to a) figure out exactly how the new law applies to their organization and b) look across their software and processes to pinpoint the changes needed. As you can imagine, there has been a bit of a boom in the privacy sector leading up to the GDPR, so there are plenty of options. Microsoft recently blogged a list of partners who are ready to talk to you about the GDPR.
We at Binary Tree are also doing our part to help our clients with this transition. Specifically, we can help you move to Office 365, which Microsoft has committed will comply with the GDPR by the deadline. To get started, get in touch.