The General Data Protection Regulation (GDPR) is Europe’s data privacy law — the first of its kind, and still the world’s most comprehensive piece of privacy legislation. (It is usually called just “GDPR,” not “the GDPR.”) To understand how GDPR came to be, check out the quick explainer video below.
If you’re a European business, the answer is yes. Even if your business isn’t based in Europe, if it handles the personal data of EU citizens, the answer is probably yes, too.
There are two specific groups that are subject to GDPR:
As the first law of its kind, GDPR laid out some concepts that are crucial to understanding the world of data privacy regulation in general. Some are used in other laws around the world. Others are GDPR only.
Wrapping your head around the full scope of GDPR compliance can be a challenge. There are many different elements of business operations to consider, and a lot of detail around each GDPR requirement. It’s best to start with an understanding of the basics and map out a compliance plan from there. The checklist below is a simple guide to your GDPR planning:
Get familiar with data subject rights.
Under GDPR, subjects have a set of rights that businesses must be able to facilitate. Ensure your procedures and policies can deliver.
Conduct an audit to discover the data you have.
Mapping your data is an essential first step to complying with any modern data privacy legislation. GDPR is no exception.
Appoint a data protection officer.
A DPO is a vital, centralized point of privacy authority in a business. Designating a DPO puts you on the fast track to streamlining your privacy operation.
Understand the nature of GDPR consent.
Consent is at the heart of GDPR. It must be “freely-given, specific, and unambiguous.” It must also be easy for subjects to withdraw consent at any time.
Yes, you can. Enforcement of GDPR is one of the major trends that privacy observers are watching. When GDPR came into effect in 2018, fines started slowly. Regulators gave businesses some time to get used to the new law, but fines have been climbing higher as GDPR reaches maturity.
In the last year, regulators have levied a fine of $50 million on Google and announced intent to fine British Airways a whopping $183 million for a data breach. While these amounts are eye-watering, they’re not the key concern for most businesses. Instead, it’s the total number of fines issued — over 200 to date.
GDPR affects every business differently. If you’re a smaller business that mostly handles US consumer data, GDPR is something to be aware of and measure yourself against. As businesses move up in scale, the importance of GDPR and the risks posed by getting data privacy wrong increase significantly.
There are many companies out there, including Ethyca, that offer GDPR solutions for companies of all shapes and sizes. With thoughtful planning and adequate caution, GDPR is nothing to be afraid of.