Ready or Not, Here We [GDPR] Come
Almost a month after the elements of the General Data Protection Regulation (GDPR) began to be enforced, businesses are still scrambling to ensure they are compliant. Although some businesses across Europe are predicted to be impacted more than others, every organization must abide by these regulations or face hefty fines from the EU Parliament.
Since enforcement of the GDPR began on May 25th, 2018, the regulations have defined what personal data includes as well as the rights individuals have over their personal information. If an organization uses online identifiers, location data, and/or demographic information, the new regulations that are part of the GDPR must be followed. In addition, the rule defined that IP addresses and mobile devices are included as personal data and must be protected as such.
Moreover, the rights of individuals under the GDPR have increased. Several significant changes have arisen, assuring individuals more control of their private information:
The right to be informed: Organizations are now obligated to provide ‘fair processing information’, meaning that individuals must be notified when and why their information is processed.
The right of access: Within a month of the request, individuals must have free access to their information and have the right to obtain confirmation that their data is being processed.
The right to rectification: Personal data must be corrected at the request of the individual if it is inaccurate or incomplete; these rectifications must also be sent to any third parties who have handled the information.
The right to erase: When the information has been unlawfully processed, is no longer related to the purpose, and/or the individual has withdrawn consent, individuals may exercise their right to have their information expunged. Individuals also obtain the right to keep their personal data from being processed until further notice.
The right to data portability: Portability allows individuals to reuse their personal data across services free of charge. This also permits individuals to object to the processing of their personal information.
It is critical to understand that consumers are the controllers of their personal data and that companies are just the processors, something GDPR is heavily focused on. Robert States, Executive Vice President and CFO of ABC-Amega Inc, stated “…it really wasn’t a matter of are we going to be compliant; it was a matter of what do we need to do to become compliant.” Being GDPR compliant is a differentiator amongst businesses, one that is crucial to consumers.
While your business may not have to be GDPR compliant, this rule serves as a reminder that your business needs to take proactive steps to protect information. Through the Data Backup & Recovery, Network Perimeter Security and Data Breach Readiness services offered by Lincoln Archives' newest division, LACyber, you can ensure your organization and client information are fully protected when additional rules go into effect that may affect your business.
Lincoln Archives is the only family-owned NAID AAA Certified organization in WNY and includes the LACyber division, which provides comprehensive Data Breach Defense Services. Lincoln Archives is proud to be part of the Lincoln Family of Companies, serving the Western New York community since 1914.
by Daria Coleman