What Have We Learned from GDPR?
A blog from guest author Trinny Truu, Field Marketing Manager at Cleo.
It’s been almost 12 months since businesses all over started panicking about the European Union’s General Data Protection Regulation (GDPR). With the one-year anniversary fast approaching (25 May 2019), what have we learned over this past year?
The introduction of GDPR made data security history by implementing a single breach-notification regulation for the EU. It also established a common, broader definition of personal data. GDPR widened the category to include IP addresses, biometric data, mobile device identifiers, and other types of data that could potentially be used to identify an individual.
There was officially no lead-in time for the legislation after 25 May last year. However, it was said the Information Commissioner’s Office (ICO) had indicated a desire to focus on compliance, rather than enforcement, in the first year.
The global impact thus far
We have seen numerous examples of enforcement across different countries and industries, including high-profile fines levied against Internet giants in the past year.
Google, for example, has been fined 50 million euros (£44m) by the French data regulator CNIL for lack of transparency, inadequate information and lack of valid consent regarding advert personalisation. Google is set to appeal the ruling.
Whilst the larger fines have so far been reserved for the big players, the level of potential fines for non-compliance is still relatively high for everyone, with the potential to bring a business down, either financially or in terms of its reputation.
The influence of GDPR on legislation in countries outside the European Union has continued to grow since May last year, particularly among those wanting to do business with Europe. The most common aspect of GDPR being replicated globally is the guidance around data subject rights, data breaches and accountability requirements.
For many businesses in the U.S., a new 4-letter phrase will sum up 2019: CCPA. The CCPA is a new California privacy law that goes into effect on January 1, 2020, thus creating its own watershed moment in US privacy law.
GDPR and a Modern Managed File Transfer Solution
What is clear is that people are more aware of their rights in relation to their personal data. Businesses have also come to realise that GDPR is not all about marketing data; it applies right across operations and is now a major factor to be considered in key business decisions.
Everything an organisation does with data constitutes processing, and virtually every process involves data transfer at some level. For industries such as healthcare, supply chain and logistics, financial services and SaaS, data transfer is the lifeblood of operations. And any action on data is technically a processing event, including internal transfers, external transfers, storage, viewing, analysing, changing, synchronising and replicating.
By deploying a steadfast and secure file transfer system that tracks the who, what and when of transactions, companies have the functionality and documentation required to comply.
A modern MFT solution provides advanced security and the control and governance you need to assure GDPR-compliant data transfers, and the clear, accurate documentary evidence to prove it.
If you are unsure if you are GDPR compliant, it’s not too late. Contact HANDD today and find out how we can help you in partnership with Cleo.