TFT is prepared for GDPR Laws, are you?

June 20th, 2018

Data privacy and protection have been hot topics since the internet was in its infancy. It is the duty of companies to keep their customers' personal information private so that those identities remain safe and protected and the companies' reputations remain untarnished.

The European Union has always been quite proactive about keeping the privacy of its citizens intact, and its data protection laws are regarded as a gold standard all over the world. In 2016 the EU adopted the General Data Protection Regulation (GDPR), replacing the 1995 Data Protection Directive, and gave its member states two years (ending on 25th May 2018) to ensure that it was fully implementable in their countries.

GDPR (General Data Protection Regulation) is an act under EU law, implemented on May 25th, 2018, to address privacy and data protection for all European citizens. Its purpose is to place restrictions on organizations whose primary focus is collecting information about their target markets in order to pitch products and services to them, and to give citizens control over their personal information and details. Under this act, organizations cannot use personal data without the prior consent of the individuals concerned, nor can they compel anyone to share their information. European citizens can now enjoy privacy as one of their fundamental rights.

What is GDPR compliance?

The main aim of GDPR compliance is to protect people from data breaches and leakage of their personal information. Sometimes data is lost or extracted and ends up in the hands of people with malicious intent.

Under GDPR, organizations may collect personal data from a consumer under strict conditions, while making sure the information is gathered legally. Organizations are obliged to respect the rights of data owners and to protect their data from exploitation and misuse.

The regulation comprises a total of 173 recitals to protect the fundamental right of EU citizens to keep their private, confidential data secret.

The principles that GDPR sets out are: lawfulness, fairness, transparency, data minimization, purpose limitation, accuracy, storage limitation, security, and accountability.

The following are a few prominent fundamental rights that GDPR provides:

1) The right to access

Citizens have the right to access their data and can request to know how their information is being used. Companies must provide the full details within a month.

2) The right to be forgotten

A consumer has the right to be forgotten. People can request that their information be erased, or they can request that their data be restricted, i.e. the data can be stored but cannot be used.

3) The right to data portability

The consumer now has the right to data portability, which allows them to move their information from one source to another.

4) The right to be informed

A consumer also has the right to be informed about how their information has been collected and how it is used.

5) The right to have information processing

Consumers have full control over their information and must be informed whenever their information is collected. Apple, for example, has introduced a privacy feature that asks for the user's permission before gathering data.

6) The right to object

Consumers have rights over the processing of their personal data, i.e. they can effectively require companies to stop using their personal information.

7) The right to be notified

Consumers are notified about the personal information that a company holds and the purpose for which it is used.

TFT’s 8 step preparation

The panic that the GDPR laws created in the corporate world was not surprising. Amid the many twists and turns that GDPR brings with it, including the need to change software development and testing processes, some companies have responded quickly to these laws so as to keep providing valuable services to their clients, and so have we.

Think Future Technologies is advancing with 8 steps to prepare for GDPR.

1) Appointing a team for accountability and governance of GDPR norms:

  • Review and upgrade data handling procedures.
  • Make management aware of GDPR risks and benefits.
  • Appoint an executive or PDPO (Personal Data Processing Officer) for personal data protection compliance and assess that role's place in the company's structure and governance arrangements.

2) Scope, planning, and certifications of the project:

  • A company should be ISO 27001 certified.
  • Think Future Technologies is ISO 27001:2013 certified, which demonstrates information security best practice.
  • Consider the implications of Brexit, and the favoured-nation status granted to some countries, in your planning.

3) Actions to take when collecting personal data:

  • Map personal data.
  • Know what personal data the company holds and its inflow and outflow.
  • Manage personal data security at each stage of every business process, from planning to release, as GDPR keeps track of it.

4) Actively manage existing contacts and leads in a database:

  • Make clients aware of the personal information the company would hold and the purpose for which it would be used.
  • Clients' consent should be recorded, and the process of withdrawing consent should be easy.
  • Review or update contracts signed with third-party vendors.

5) Audit procedures and compliance:

  • Data inventory and data flow audit.
  • Regular audits of security controls.
  • Keeping a record of every data processing activity.

6) Upgrade privacy policy regularly and notify proactively:

  • Data protection and privacy policies in line with the GDPR.
  • Review and update employee, customer and supplier contracts.
  • Technical controls specified by Cyber Essentials in place.

7) Design a data breach plan:

  • Reporting to the client within 72 hours of becoming aware of a personal data breach.
  • Efficient plans to tackle it.

8) Staff awareness:

  • Staff awareness of data protection and of the basic principles of GDPR, its requirements, impact, and compliance.
  • Data privacy training for employees.
