The Internet came into being in the early 80s and has continued to evolve over the decades. It provided a novel way of relaying information, moving it from its traditional physical form to electronic form. At its most fundamental level, information in electronic form is composed of binary 1s and 0s. Over the years the world has gone through a massive digitization of information, which is now commonly known as ‘Data’.
Today we live in a world of Artificial Intelligence, Data Analytics, the Internet of Things and various other rising technologies, and data is becoming the new gold. Many refer to data as the new oil of the 21st century. However, unlike oil, data has long been challenging to regulate, and it seems that this challenge will continue to grow as the internet embraces new technology. More of the population is entering the digital world, and according to the latest statistics 4.4 billion people are active internet users.
Businesses and individuals now have tons of digital data stored and processed online. This data has always been subject to various cyber threats such as data breaches, identity theft, fraud and data leaks, costing individuals and companies millions of dollars. Investigating these offences and incriminating those responsible was thwarted for years by a lack of regulation and legal support, until the EU made a serious effort and brought in a data protection law known as GDPR on 25 May 2018.
GDPR is novel legislation compared with its predecessor: it protects the data of individual users and gives them more power over their data privacy. It has broadened the definition and scope of data to include information such as IP addresses and cookies. On the other hand, it places many restrictions on entities that own and process data, including third parties. The regulation is mostly concerned with the data of EU citizens. It might be a win-win for individual users, but for businesses and data owners it carries a huge fine of 20 million euros in case of non-compliance with GDPR.
This might become a nightmare for businesses dealing with the data of EU citizens, but it is never too late to start your preparations and become GDPR compliant. Compliance demands a variety of different operations to ensure data privacy.
These 10 steps are a good starting point to ensure you are GDPR ready:
1. Data Organization
In the GDPR era, you should give thought to how you organize the data you hold on your customers, employees, partners, suppliers, etc. This saves you a lot of time if someone wishes to inquire about their data. It will also help you retrieve the desired data efficiently and accurately during an investigation.
2. Secure Data
This step is necessary to ensure that all the personal data you hold on others in digital form is secured using a proper security mechanism. You must ensure that you have adequate security controls in place and are not vulnerable to hack attempts. Can you easily manage the data, keep it in a secure place, and easily destroy it? Make sure you have considered all these safety measures.
3. Don’t get unnecessary Data
Make sure you only hold the data you need for the services you are delivering. Remove excess data, as it might get you in trouble if you become part of an investigation.
A fair policy is very important: an ordinary internet user should know how the company will deal with the data they provide. The documents describing privacy matters should therefore be written so that a layman can understand what the company wishes to use the provided data for, and how.
5. Have your process for deleting data
GDPR also gives users the right to have their data deleted. This requires companies to have a deletion process in place to avoid any penalties.
There is a long to-do list for companies concerned with GDPR, but these few steps can put you on the right track towards GDPR compliance.
Internet Governance Activist | Information Security Expert | CyberSecurity Blogger | Digital Grassroot Ambassador