As you may know, the General Data Protection Regulation (GDPR) puts a spotlight on the already sensitive issues of consumer data and privacy. While many of us have long focused on data security and privacy to earn consumers' trust, the GDPR adds new privacy mandates and significant penalties (fines) for noncompliance.
The regulation affects not only companies established in the EU but any organization outside the EU, U.S. firms included, that offers products or services to European Union (EU) residents or monitors their behaviour, and it becomes enforceable in May 2018.
What new rights for consumers, and obligations for companies, do we need to focus on now for compliance? Forrester Research has published a new report that identifies four areas to focus on to comply with the GDPR:
- The GDPR gives EU customers (data subjects) several key rights:
  - A right to access (the ability to see what personal data an organization holds about them, and how it is being used)
  - A right to amend (rectification of inaccurate or incomplete information a customer finds in their record)
  - A right to be forgotten (erasure: asking a company to delete all of one's personal data, subject to the regulation's exceptions)
  - A right to data portability (also called "package and deliver"). This last right allows customers to ask a firm to return, in a structured, machine-readable format, any data they have directly provided to the firm and also data the firm has collected about them in the course of the relationship, including consumption data.
- Your company's obligations differ based on the type of data you collect. The report distinguishes several types of data: data collected directly from customers (e.g., name and address); data collected automatically and obtained with consent (e.g., geolocation data); data collected automatically without consent (e.g., phone number and call duration); computed data (e.g., credit score); and computed data that relies on a firm's intellectual property (IP) (e.g., customer churn or risk score). The lawful basis, the notice owed to the customer and the scope of the rights above vary across these categories.
- Governing privacy across data ecosystems requires centralization. As data commercialization becomes more prevalent, the sources of data will multiply, and managing obligations such as "consent" and "data protection by design" across data providers, data brokers, and data buyers will become more complex.
- Your firm must demonstrate compliance and due diligence. The GDPR's accountability principle shifts the burden of proof onto the organization: it must be able to show, with records and evidence, that it is handling personal data lawfully. In the event of a personal data breach, organizations must demonstrate the due diligence they exercised to avoid the significant penalties that are possible under the GDPR.
These requirements, and the involvement of multiple stakeholders (including consumers themselves), add considerable complexity to how customer data is inventoried, classified and tracked. Firms can no longer manage their customers' data privacy manually.
To learn more about these requirements and the five key areas in which to enhance your data governance, access the new Forrester report: Enhance Your Data Governance to Meet Your New Privacy Mandates.
At DATUM we are working with our customers to address the GDPR quickly and to scale the process. Please feel free to contact us if you would like to discuss your GDPR challenges or learn more about DATUM's GDPR solution.