The General Data Protection Regulation (GDPR) is Europe’s data privacy law — the first of its kind, and still the world’s most comprehensive piece of privacy legislation.
The General Data Protection Regulation (GDPR) is Europe’s data privacy law — the first of its kind, and still the world’s most comprehensive piece of privacy legislation. To understand how GDPR (it’s usually called just “GDPR,” not “the GDPR”) came to be, you can check out the quick explainer video below:
If you’re a European business, the answer is yes. Even if your business isn’t based in Europe, it handles the personal data of EU citizens, so the answer is probably yes, too.
There are two specific groups who are subject to GDPR:
As the first law of its kind, GDPR laid out some concepts that are crucial to understanding the world of data privacy regulation in general. Some are used in other laws around the world. Others are GDPR only.
Wrapping your head around the full scope of GDPR compliance can be a challenge. There are many different elements of business operations to consider and lots of detail around each GDPR requirement. It’s best to start with an understanding of the basics and map out a compliance plan from there. See the checklist below for a simple guide to help guide your GDPR planning:
|Get familiar with data subject rights.
Under GDPR, subjects have a set of rights that businesses must be able to facilitate. Ensure your procedures and policies can deliver.
|Conduct an audit to discover the data you have.
Mapping your data is an essential first step to complying with any modern data privacy legislation. GDPR is no exception.
|Appoint a data protection officer.
A DPO is a vital, centralized point of privacy authority in a business. Designating a DPO puts you on the fast track to streamlining your privacy operation.
|Understand the nature of GDPR consent.
Consent is at the heart of GDPR. It must be “freely-given, specific, and unambiguous.” It must also be easy for subjects to withdraw consent at any time.
Yes, you can. Enforcement of GDPR is one of the major trends that privacy observers are watching. When GDPR came into effect in 2018, fines started slowly. Regulators gave businesses some time to get used to the new law, but fines have been climbing higher as the GDPR reaches maturity.
In the last year, regulators have levied a fine of $50 million on Google and announced intent to fine British Airways a whopping $183 million for a data breach. While these amounts are eye-watering, they’re not the key concern for most businesses. Instead, it’s the total number of fines issued — over 200 to date.
GDPR affects every business differently. If you’re a smaller business that mostly handles US consumer data, GDPR is something to be aware of and measure yourself against. As businesses move up in scale, the importance of GDPR and the risks posed by getting data privacy wrong increase significantly.
There are many companies out there, including Ethyca, that offer GDPR solutions for companies of all shapes and sizes. With thoughtful planning and adequate caution, GDPR is nothing to be afraid of.
Today we’re announcing faster and more powerful Data Privacy and AI Governance support
See new feature releases enhancing user experience, adding new integrations and support for IAB GPP
Learn more about the privacy and data governance enhancements in Fides 2.27 here.
Read Ethyca’s CEO Cillian Kieran describe why and how an open data governance ontology enables companies to comply with data privacy regulations and frameworks.
Ethyca sponsored the Unpacking Privacy Engineering for Lawyers webinar for the Interactive Advertising Bureau (IAB) on December 14, 2023. Our CEO Cillian Kieran moderated the event and ran a practical discussion about how lawyers and engineers can work together to solve the technical challenges of privacy compliance. Read a summary of the webinar here.
Ethyca’s CEO Cillian Kieran hosted a LinkedIn Live about the newly agreed upon EU AI Act. Read a summary of his talk and find a link to his slides on what governance, data, and engineering teams need to do to comply with the AI Act’s technical risk assessment and data governance requirements.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo