Back in April of 2016 when the General Data Protection Regulation was adopted, it seemed like an eternity until May 25, 2018 when the law would be enforced. But here we sit, just weeks away from the day the GDPR – the first major change in European data privacy laws in 23 years – goes into effect.
Whether you're ready for the GDPR right now or are just starting to think about it, it could be enlightening to take a look back at some of our GDPR-related blog posts from the past year. This roundup covers topics that range from general discussions of what the GDPR is and how it could affect your company, to in-depth explanations of how to manage consent under the GDPR.
Understand what the GDPR means for you
- Contrary to what some business leaders think, the GDPR does not just apply to European countries. Yes, non-European Union firms – the GDPR applies to you, too. In this post, we look at principles of the General Data Protection Regulation, particularly some of its data management requirements. That's followed by a description of the 5-step approach SAS recommends for establishing a data management foundation that supports GDPR compliance.
- At a time when financial crimes and identity fraud are rife, it's no wonder citizens are increasingly wary of sharing personal details and contact information. In GDPR: The consumer effect, Mike Wake says the onus of responsibility is flipped on its head under the GDPR. This regulation empowers consumers to take back control of their personal data while taking advantage of the many opportunities that are now available to them.
- The fines are enough to give pause when it comes to GDPR. But it’s the potential loss of reputation that should be the top concern for everyone. The post GDPR – Is reputation a bigger risk than fines? points out that a GDPR violation has the potential to reverse years of hard-earned brand and customer trust. And in the long run, that makes a fine seem minor.
Consider: Does the GDPR have to be a burden?
- GDPR assumes that the right to privacy is fundamental, which means software services providers need to give serious thought to how their organizations store and use personal data. And not just because of the fines for noncompliance, but because it's the right thing to do. Vincent Rejany poses the question: Is GDPR really about integrity? – and he says that regardless of what technology is used, consumers need to have confidence in how organizations manage their personal data.
- GDPR is the latest in the list of regulations affecting the insurance industry. Early adopters of the GDPR in this industry have found that its add-on benefits make their efforts worthwhile. In How the GDPR can benefit insurers, read how the GDPR can go beyond protecting individual customers to actually helping every aspect of an insurer's business.
- Some organizations continue to struggle with key elements of the GDPR – such as how to know when they've done enough to satisfy compliance requirements. But there's a silver lining here. Arturo Salazar says research shows that More than 70% of organizations expect their data governance will improve with GDPR.
Things you can do to get ready – people and technology
- The hardest part of compliance is knowing whether a data asset contains personal data, and ensuring you can protect it. David Loshin describes differences in identifying and protecting structured versus unstructured data in GDPR: The complexity of identifying sensitive personal data.
- Many organizations run a multitude of applications across different channels and locations. Under the GDPR, they must not only collect all personal data from these sources, but also map all personal data to the specific consent(s) given in the past. How do you manage consent for GDPR? In this post, Helmut Plinke describes the SAS approach, which links consent information with data usage policies and personal data.
- One of the GDPR requirements is that organizations must know (and be able to prove) who has requested data queries on personal data, and when. In his post, Tackle GDPR data management requirements using SAS, Ivor Moan describes the SAS capabilities that can help you access, identify, protect and monitor (or “audit”) the personal data you process and store.
- Automated decision-making is now regulated by the general provisions of the GDPR. This includes an individual's right to information about how his or her personal data is processed. In GDPR – Sounding the death knell for self-learning algorithms?, Dave Smith examines the "black box" problem and provides a checklist of best practices.
Some companies already have their GDPR program in place and are working every day to ensure that their EU residents' data is protected. Watch this video to learn about one company that's doing things the right way when it comes to GDPR.
Download a paper to learn more about how the SAS approach to GDPR can help protect your valuable corporate reputation.