Businesses and many public sector organizations do benefit a lot when they gather, process and exchange information of customers. It helps them to get useful and intelligent information. The data therefore is extremely valuable, but on the other side protecting the data and ensuring 100% data protection is becoming a big headache. These data leaks underscore the importance of protecting data while at the same time it also is made easily available to organizations. Towards this objective, the role of GDPR is important. It makes an attempt to come out with a strong regulatory framework as far as data handling of firms is concerned. This perhaps could help in reducing the instances of failures and abuse of personal information.
Three Major Areas Of Impact
There are three major areas where there could be positive impact of GDPR. It goes a long way in making the regulatory framework simple and this will happen across Europe. It will require the EU nations to comply with one single regulation instead of following 28 different types of rules across the entire continent (Brexit is not accounted for now). Secondly, it gives an opportunity for the various organizations to have a clear understanding of the data flow. Finally, it helps quite a bit in streamlining and tidying their approaches. The laws require a top down approach and support at a broad level. GDPR will make it mandatory for organizations to decide whether they need to save and keep all the data which they are collecting, or it could it be deleted. The GDPR would also require organizations to ensure a minimum level of security of data. This would call for investing in anonymisation, encryptions, and also pseudoymisation.
How Will GDPR Impact IT Sector
IT sector must also make quite a few fundamental changes because of GDPR. This could include data protection at the design stage itself. The concept also makes data protection core of any action whether it is processing of data or other such things. The onus and responsibility will lie with the organization to implement organizational and technical measure. This will go to prove that the organizations have an obligation to put in practice the various organisational and technical measures. Hence it would go to prove that organizations have taken steps to thoroughly integrate protection of data as far as their processing activities. Further the proposed changes will also ensure right to information, rectification and access to data and also raising objection and also the right to be forgotten. In others words they will have the right to rectify the data and also be able to access it.
Data Transfer And Portability
Data transfer and portability is another important feature of GDPR. It helps data customers to be in a position to access the data for their own use. It also strengthens the legal framework as it exists now. It gives more importance to consent so that customer-data remains their own in the real sense of the term. Consent for collection of data has to be more explicit. Therefore it is possible that pre-selected boxes on forms may not be allowed any more. GDPR as mentioned earlier is just not a legislative exercise. It impacts backup, disaster recovery and archiving.
It Impacts Practical World Quite A Bit
The practical aspect of GDPR will also be quite profound. It will ensure that GDPR Data managers responsible for disaster recovery, backup and archive will give customers the right to remove their data from companies’ records though they may have agreed to it previously. This is known as the right to be forgotten. This could prevent organizations to keep records of customer data for long periods of time.
When a data removal request is given, it means that the same must be removed from all sources and this includes cloud, tape or other storage devices kept in deep storage. But having to do this every time is considered by many to be a bit too much and those who are designing GDPR believe that it could throw up some logistical challenges.
from ZDS Europe http://www.zds-europe.com/2018/07/24/gdpr-and-proposed-changes-in-data-management/
No comments:
Post a Comment