An Introduction to the Global Data Protection Regulations (GDPR)
Every day, I hear more and more about GDPR, but what exactly is it and how will it affect both you and companies that you may deal with or work for?
Simply put, Global Data Protection Regulations (GDPR) are a set of regulations which the European Union (EU) is bringing in to strengthen and unify data protection for all persons within the EU. GDPR also covers the export of personal data outside of the EU.
GDPR: Who Owns the Data?
The primary objective of GDPR is to give control back to EU citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within EU Law. This regulation was adopted in 2016. It will come into force in May 2018. In the UK, the government has made it clear that GDPR will still be in place even after the UK leaves the EU. It’s important to point out that GDPR will extend the scope of the EU data protection law to ALL foreign companies processing data concerning EU residents. This has big implications for all businesses. Failure to comply with the EU General Data Protection Regulation (GDPR) can expose your organization to a penalty of up to 4% of global revenue.
Data Controllers vs. Data Processors
Basically, GDPR makes a distinction between what it calls ‘controllers’ of data and ‘processors’ of data. The controller says how and why personal data is processed and the processor acts on the controller’s behalf.
If you are a processor, the GDPR regulations place legal obligations on your company. As an example, you would be required to maintain records of personal data and processing activities and you will have significantly more liability if you are found responsible for a breach of the regulations. It’s important to note here that these obligations for processors are a new requirement under the GDPR and have a very important impact for all persons and organizations.
If you are a controller, you are not free of all obligations either. The GDPR regulations place additional obligations on you to ensure your contracts with processors comply with the regulations. So, in effect, the company has responsibilities and so does the individual.
Defining Personal Data
Organizations can find themselves in breach of these regulations by both their own actions and those of their employees. GDPR will apply to what it defines as “personal data”. However, this definition is quite broad. It will apply to a wide range of personal identifiers that can constitute personal data. This will include all metadata, and it reflects the way organizations now collect information about people. This will affect any organization keeping records on any person within the EU.
Arming Yourself with Talend
My colleague Jean-Michel Franco has already written extensively on how Talend solutions can help you manage and prepare for some of the upcoming hurdles that GDPR will present. However, I wanted to take some time to go over a few areas where Talend can really shine in helping you prepare for GDPR.
Automating Data Inventory Creation
In today’s world, data is streaming in from everywhere: legacy systems, shadow IT, CRM systems, device sensors, digital apps, social networks, and more. Talend captures and maps critical data elements across disparate datasets, and then tracks and traces them with audit trails and data lineage. This helps you keep a 360-degree view of where your data is coming from, helping you stay within GDPR compliance.
Operationalize Rules and Workflows
“Privacy by Design” has become a legal obligation with the introduction of GDPR. Talend helps you design and operationalize data controls all along your data pipelines. You can easily anonymize or pseudonymize with data masking, remediate with data quality and foster accountability across teams with data stewardship workflows. Your organization will be ready for GDPR with established processes, and all personal data under control.
Manage Consent and Data Portability
Before you can process any personal data, GDPR mandates you to share access to the individuals whose information you will be processing. Talend enables you to manage opt-in consent across customer-facing applications, and implement data services to establish the right to be forgotten, right of accessibility, and right of rectification, also unlocking the right for data portability.
If you are not planning for GDPR now, you should be. We’re here to help you along the way. In fact, we just launched a free GDPR assessment tool that can help you discover how prepared you are for new GDPR regulations in 20 minutes or less. We’ve also built a 16-step data management guide that you can download for free here. Taking steps now (and onboarding the right data management solutions) will help you get ahead even while time is short.