The General Data Protection Regulation (GDPR) is Europe’s data privacy law — the first of its kind, and still the world’s most comprehensive piece of privacy legislation. It is usually called just “GDPR,” not “the GDPR.”
If you’re a European business, the answer is yes. Even if your business isn’t based in Europe, if it handles the personal data of EU citizens, the answer is probably yes, too.
There are two specific groups who are subject to GDPR:
As the first law of its kind, GDPR laid out some concepts that are crucial to understanding the world of data privacy regulation in general. Some are used in other laws around the world. Others are specific to GDPR.
Wrapping your head around the full scope of GDPR compliance can be a challenge. There are many different elements of business operations to consider and lots of detail around each GDPR requirement. It’s best to start with an understanding of the basics and map out a compliance plan from there. The checklist below is a simple guide to your GDPR planning:
1. Get familiar with data subject rights.
   Under GDPR, subjects have a set of rights that businesses must be able to facilitate. Ensure your procedures and policies can deliver.
2. Conduct an audit to discover the data you have.
   Mapping your data is an essential first step to complying with any modern data privacy legislation. GDPR is no exception.
3. Appoint a data protection officer.
   A DPO is a vital, centralized point of privacy authority in a business. Designating a DPO puts you on the fast track to streamlining your privacy operation.
4. Understand the nature of GDPR consent.
   Consent is at the heart of GDPR. It must be “freely given, specific, and unambiguous.” It must also be easy for subjects to withdraw consent at any time.
Yes, you can. Enforcement of GDPR is one of the major trends that privacy observers are watching. When GDPR came into effect in 2018, fines started slowly. Regulators gave businesses some time to get used to the new law, but fines have been climbing higher as GDPR matures.
In the last year, regulators have levied a fine of $50 million on Google and announced intent to fine British Airways a whopping $183 million for a data breach. While these amounts are eye-watering, they’re not the key concern for most businesses. Instead, it’s the total number of fines issued — over 200 to date.
GDPR affects every business differently. If you’re a smaller business that mostly handles US consumer data, GDPR is something to be aware of and measure yourself against. As businesses move up in scale, the importance of GDPR and the risks posed by getting data privacy wrong increase significantly.
There are many companies out there, including Ethyca, that offer GDPR solutions for companies of all shapes and sizes. With thoughtful planning and adequate caution, GDPR is nothing to be afraid of.
Ethyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
For privacy engineers to build privacy directly into the codebase, they need agreed-upon definitions for translating policy into code. Ethyca CEO Cillian unveils an open source system to standardize definitions for personal data living in the tech stack.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!