How To Be Gdpr Compliant: A Guide For Saas And Beyond


Post by jakaria »

This seems to be the only thing everyone in the data security industry talks about, other than Equifax. Articles are written, consultancies spring up, and businesses quietly panic. Yet, like so many big legislative changes, many people don't know what GDPR is, how it might affect their business, or whether they should even be concerned. In this article, we'll look to dispel some of those misconceptions while outlining concrete steps on how businesses can adapt to the changes ahead. We have scoured the available resources to find the answers to our GDPR concerns and are now sharing them with you. (However, always employ a consultant. As you'll see, there's too much at stake not to!)

We will not only explore the impact on European businesses, but also on businesses outside of the European market that process or control data that could come under scrutiny from these EU measures. SaaS companies will need to adapt their services to their large European customers, and if you work in the SaaS space, you may need to do this as well.

Before I go any further, let me give you a "too long; didn't read". The best brief summary of GDPR ethics I've read comes from Wired:

For companies with more than 250 employees, it is necessary to have documentation explaining why people's information is collected and processed, descriptions of the information held, how long it is retained and descriptions of the technical security measures in place.

The GDPR broadly states:

You must have a system in place to manage data and security.
You must have this system fully documented.
You need to operate with GDPR settings, e.g.:

Consent boxes cannot be automatically filled in as "yes".
Businesses must respond to user access requests within one month.
Requests for personal information should be handled free of charge.

At the end of this article, you'll find a free checklist that uses ICO recommendations and Article 29 Working Party guidance to guide you through assessing your company's GDPR readiness!

What is GDPR?

The General Data Protection Regulation, commonly referred to as GDPR, is new European Union legislation aimed at standardizing data regulation across Europe while providing greater data protection and control to the consumer. The legislation was not particularly controversial. It is the product of four years of work by the European Commission in consultation with all 28 member states and an upgrade of previous data laws originally ratified in 1995. Times have changed and so has the law.

The GDPR was adopted by the European Parliament and the European Council in April 2016 and publicly published, at the start of the transition period, in May 2016 in the Official Journal of the EU. The transition period allocated to the legislation is 2 years, which means that from May 2018 companies that do not comply could be subject to penalties. And, la la, what punishments they are! In 2016, TalkTalk was fined £400,000 for security breaches that led to hackers accessing customer data. Pharmacy2U was fined £130,000 for a similar failure to adequately protect customer data.

These fines of hundreds of thousands of pounds seem significant, but pale in comparison to the punitive powers available once the GDPR comes into full force. Recent research by the NCC Group has suggested that under the GDPR rulings, TalkTalk would have been fined a whopping £59m and Pharmacy2U would have had to bear a fine of £4.4m. In fact, the average fine under the GDPR is expected to be 79 times higher than existing penalties.

In general, the structure of fines will fall into two broad categories. Minor breaches will be subject to a fine of up to £10 million or 2% of a company's worldwide turnover, whichever is greater, while more serious breaches will result in fines of up to £20m or 4% of a company's worldwide turnover, again depending on which is greater. This is probably the source of the panic and the reason why so many consultants see this directive as a potential gold rush. However, just because these fines are available to government authorities does not mean they will be aggressively enforced. Many regulators were quick to signal that they were willing to work with companies to encourage compliant behavior and did not want to punish companies that make a welcome contribution to their economy.