In less than a month, all companies operating with data about EU citizens will be expected to meet the new General Data Protection Regulation (GDPR), coming into force on 25 May 2018. The requirements are tough, and the penalties are big. If you have not started preparing for the new rules, it is time to do so to avoid the massive fines stipulated by the new regulation, which can go up to 4% of your company’s global revenues.
SkyFlok helps its customers to take a big step towards GDPR compliance. Thanks to our patented technology, SkyFlok users can increase data privacy and reliability and share the data securely with their clients. Users can now choose from our GDPR compliant locations and ensure that they meet the new requirements. In addition, SkyFlok helps to protect data against ransomware attacks by retaining earlier versions of their files for unlimited time, across multiple cloud providers.
Here are some of the most important steps you and your company need to take to prepare for the upcoming rules in data protection.
- Educate yourself and your team
In order to meet the new data protection requirements, it is essential that you and your team know what GDPR is and understand the requirements. One of the main goals of GDPR is to make businesses accountable for breaches and loss of data. That is why it’s very important to have a complete understanding of the risks and pay great attention to the security characteristics of your product.
- Create a data protection plan
You might already have a data protection plan in place, but you will need to review and update it to ensure that it meets GDPR requirements.
- Ensure individual rights
You should make sure that your procedures cover all the rights individuals have. The GDPR includes the following rights for individuals:
- the right to be informed – about how their data is being collected and how it is used;
- the right of access – allows users to be aware of and verify the lawfulness of the processing of their data;
- the right to rectification – personal data can be rectified if it is inaccurate or incomplete;
- the right to erasure – enables users to request the deletion or removal of personal data;
- the right to restrict processing – the data subject shall have the right to obtain from the controller restriction of processing;
- the right to data portability – allows users to obtain and reuse their personal data for their own purposes across different services;
- the right to object – users have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, and to direct marketing, as well as the right to object to processing for purposes of scientific/historical research and statistics;
- the right not to be subject to automated decision-making, including profiling.
- Prepare for the rules regarding children’s personal data
If your organization collects personal data of children, you should start thinking about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
- Prepare for ‘Privacy by Design’
Under GDPR, you will have to show that you have integrated data protection into your processing activities. You should have clear policies in place to prove that you meet the required data protection standards under the GDPR.
- Review and update your privacy notices and policies
One of the incoming GDPR requirements calls for clear and plain language in the provided privacy information. Your policies should be transparent and easily accessible.
- Hire or appoint Data Protection Officers (if needed)
You should appoint a DPO to take responsibility for data protection compliance, if you are:
- an organization that carries out the large-scale processing of special categories of data, e.g. health records;
- a public authority (except for courts acting in their judicial capacity);
- an organization that carries out the regular and systematic monitoring of individuals on a large scale.
- Get ready for GDPR international data transfers
In order to ensure that the level of protection under the GDPR is not undermined, the new regulation imposes restrictions on the transfer of personal data outside the European Union.
Under GDPR, you may be able to transfer personal data:
- subject to appropriate safeguards
- on the basis of the ICO’s decision regarding levels of protection in specific territories
- Set up a process for ongoing assessment
To make sure that you remain in compliance, you will need to monitor your data protection practices and make continuous improvements.
- Small organization? Ask for help, if needed!
Small organizations, which might not have the resources needed to meet the new requirements, are also affected by GDPR. If your organization is one of them, you might look for outside resources to get advice or help.
Protect the privacy of your data and comply with the new regulations with SkyFlok! Join us at https://www.skyflok.com/