GDPR What Does It Mean to Us?

What is GDPR?

General Data Protection Regulation; its purpose is to protect individuals' right to privacy and ownership of their online data, specifically against data breaches and online piracy of personal information.

What does it mean?

If your website or company processes personal data online, regardless of the company's physical location, it must adhere to this updated regulation or face penalties.

Does the GDPR apply to me?

Maybe, maybe not: as of this writing, the regulation is set forth in the EU only. If your company does business with anyone in the European Union, then yes, it applies to you, effective 5-25-18. We sell products to EU companies traveling to the US for conventions, trade shows and company functions, so we consider our company applicable to the GDPR.

I’m in the United States, how do I comply?

Start by updating or creating your Privacy Policy and making it public. Have a conversation with your webmaster and IT team to confirm that all data collected through your online presence complies with the GDPR.

Do I need a lawyer?

Maybe. If you have an attorney on retainer, have your Privacy Policy reviewed. If you're doing business with an EU company, I recommend you do contact your legal representative.

The following information regarding GDPR mandates comes from the CSO website.

Data control

  • Only process data for authorized purposes

  • Ensure data accuracy and integrity

  • Minimize the exposure of subject identities

  • Implement data security measures

Data Security implementation

  • Safeguards to keep data for additional processing

  • Data protection measures

  • Security as a contractual requirement, based on risk assessment, and encryption

Right to erasure: Data cannot be kept indefinitely; it must be erased when:

  • Data subjects revoke their consent

  • A partner organization requests data deletion

  • A service or agreement comes to an end

Risk mitigation and due diligence: Organizations must assess the risks and mitigate them.

  • Conduct a full risk assessment

  • Implement measures to ensure and demonstrate compliance

  • Proactively help third-party customers and partners to comply

  • Prove full data control

Breach notification

  • Notify authorities within 72 hours

  • Describe the consequences of the breach

  • Communicate the breach directly to all affected subjects

The GDPR took four years of preparation to get approval, and I am taking it seriously. I believe that the United States will soon have a similar regulation to litigate data breaches and online piracy of personal information.

The Internet is not going away; we have an entire generation that has never NOT had Internet access. Millennials are working, owning businesses and demanding that their rights be protected, and they are being heard. It's the right thing to do!

The most valuable entity on this earth is DATA!

With information we can do anything, including illegal activities that negatively affect individuals, their families and businesses. GDPR is another step towards accountability for actions taken and/or failure to act.