A three-dimensional look at data protection regulation

How will new rules of EU General Data Protection Regulation (GDPR) apply to all those in the EU, who control data and/or process data, as well as to non-EU businesses working in the EU?
By: Sigma Software

The new rules will apply to all those in the EU who control data and/or undertake data processing. Moreover, non-EU businesses doing business in the EU will also be affected. Increased enforcement will come about with the new regime, backed up by greater sanctions. We are discussing the upcoming changes with Sigma Software expert, Katherine Gribok.

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. Information Commissioner Elizabeth Denham describes the implications as "the biggest change to data protection law for a generation."

The new regulation passes the management power to the hands of a personal data holder (in the words of GDPR – Data Controller, a company that collects PD). Businesses should be ready to face new challenges and bear new responsibility for ensuring correct collection and processing of PD and properly transferring it outside the EU, and be ready to answer questions from any EU citizen, such as: "Which of my personal data do you process?", "Remind me when I gave you permission to use my data?", etc. This means organizations must know how to gather, store, process, and transfer databases in the correct way, and who may access them and on what conditions, and must ensure that their new products and solutions can face these new requirements.

Why is it of such great importance? What are possible consequences for non-compliant businesses?

This Law contains many requirements that businesses must meet: gather data in a predefined way, pass them for processing to non-EU countries only under certain circumstances, answer the requests of data holders strictly within one month, etc. The violation leads to serious consequences:

Many countries already have their own legislation regarding Data Protection. How will GDPR influence this legislation?

GDPR will be obligatory for all EU countries and will replace the local laws. Still, it often refers to paragraphs of these laws with respect to labor legislation, children's rights, and more.
What are the main steps to get ready for the new GDPR?

First, you should understand what kind of personal data you deal with: employees' data, candidates' data, customers' data, or something else. Then, take a close look at the legislation and analyze whether every database, depending on its type, actually meets the GDPR requirements. Elaborate a roadmap for improvements and bring them to life before the "D-Day", May 25, 2018. If the company has offices or distributed teams in non-EU countries, special programs ensuring security for data processing should be implemented there, and people should know how to work with them.

How will GDPR change outsourcing?

The new regulation will require both Customer and Outsourcer to introduce a number of additional measures regarding personal data protection. Customer should ensure that personal data is collected legally and for a specific purpose. Outsourcer should process PD for the specified purpose only. The new regulation is not a barrier for outsourcing companies, of course. They just have to be aware of all requirements and restrictions the new regulation brings, and follow the rules – that's it.

Does the new regulation influence software products somehow?

Yes, GDPR imposes requirements on the products themselves. Therefore, in cases when a SW product processes PD (for example, products for CV management or employee data management), the client will need a GDPR expert to recommend changes in the product to make it compliant with the regulation.

How can Sigma Software help in preparations?

As many of our Customers have already granted our teams access to their PD DBs, we faced the necessity to gain expertise in GDPR. Our Quality Management Department studied GDPR in detail and elaborated a dedicated program to get ready for the new GDP regulation that proved to be very effective: we manage the list of all projects where our teams have access to EC PD, and these teams get appropriate awareness and skills in data processing and security engineering.
Read more: https://sigma.software/