Corporate Compliance Insights

Give Me Back My Data

by Matthijs van Schip
August 31, 2018
in Data Privacy, Featured

What You Need to Know About the GDPR

We’re now three months past the deadline for compliance with the General Data Protection Regulation (GDPR), and many companies are still scrambling to implement the right processes and technologies to protect against GDPR violations. Experts from Synechron detail a simple, four-step approach to ensure compliance.

with co-author Philip Khan

Does this sound familiar?

“I read on Facebook that you keep tons of data which violates my privacy and you are now obliged to give it to me. Can I have it?”

“According to that new privacy regulation, I have the right to be forgotten. So can you please delete everything?”

“I heard that you now need to give my data to others, that is not what I want!”

If you have heard anything resembling these requests in the past months, then you know that your clients are starting to become aware of the GDPR legislation. Unfortunately, a lot of semi-truths are being told, and your average customer is not as informed as they could be. So what are their rights? And how should businesses get organized to become GDPR-compliant?

If you have not heard any of these remarks before, brace yourself for impact; this is no simple matter, and the May 2018 deadline has come and gone. Worried? Don’t be. This article will outline how European-based businesses and those with clients in these regions that are affected by the regulation can best proceed with their GDPR strategies.

Sorting Out the Facts: What Exactly is GDPR?

The General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC (DPD) and aims to harmonise data privacy law in Europe. GDPR empowers and protects all EU citizens’ data privacy, and it applies to any organisation processing personal data operating within the EU, as well as any organisation located outside the EU that offers services or goods to citizens within the EU. The main rights addressed under GDPR are the right of data portability, the right to be forgotten and the right to access and rectification. Instead of requesting erasure, a data subject can also ask for a restriction on the processing of their personal data.

The GDPR expands on rights already existing under the DPD. This implies additional obligations for data controllers, which will have a significant impact on data controllers and processors, including added responsibilities in data protection and increased legal liability in the case of a breach, with fines up to €20 million or 4 percent of total annual turnover. The GDPR also implies reassessed principles, including an accountability principle, which requires controllers to be able to demonstrate compliance with all GDPR principles. Operationally, organizations can be obliged to appoint a Data Protection Officer (DPO) to comply with GDPR data requirements. Furthermore, your organization can be required to carry out Data Protection Impact Assessments (DPIAs) in cases of potentially high-risk processing activities.

Forming a Strategic Approach to the GDPR

So, now that you understand the nuances and implications of the legislation, how do you go about implementing the new requirements into your business? To best assess a strategy, firms must focus on answering the following questions: how do you keep insight into the data? Where is the data located, and who has access to it? How do you prevent a data leak from happening? And did you already think about the following?

  • Will your systems be impacted when a client requests personal data to be sent to competitors? Note the overlap with PSD2.
  • Are you prepared for stricter recordkeeping obligations? Are you able to dispose of data after the maximum retention period?
  • Do you transfer data to third parties and/or third countries? On which basis is the company sharing data with group entities?
  • Can you maintain records of processing activities, including the purposes of processes? Where will you store these records?

Synechron has an easily deployable approach to analysing, designing and implementing a GDPR-proof solution. We propose a four-step approach:

What’s next?

As with any new regulatory obligation, it is easy for businesses to look at it as a regulatory burden. The lesson we’ve learned by dealing with several regulations is that it is better viewed as an opportunity. You know that your client data is scattered across the organization in numerous departments, systems and data stores within your business. You know the same client exists multiple times in your organization, depending on the number of divisions they interact with. You know the frustration and issues this leads to for both the institution and the customer when the data cannot be matched across the organization. GDPR can be the push to better streamline these processes and provide the framework for data organization. To begin, businesses should:

  • Scan through all systems, processes and data storage looking for client data
  • Identify privacy-related data fields
  • Ensure you have this overview readily available for operational processing and reporting

As a first step to governing your client data as one company-wide golden source, your business can turn the regulatory “burden” into a viable business case for strategic advantage in a market where customer intimacy is becoming more important each day. Emerging innovative technologies, such as artificial intelligence and blockchain, can be used to enhance operational processes and assist with setting up the larger strategy when it comes to getting the most out of an organization’s data.

While applying technology to meet regulatory compliance isn’t exactly new, the application of these technologies to streamline data processes can be beneficial in several ways. One can think of regulatory solutions that can be applied to multiple use cases or business lines, dealing with data that not only helps comply with legislation like the GDPR, but also helps the business fully utilize the data as an asset, and perhaps use it for predictive modelling down the line using historical data. By leveraging the opportunity of regulatory necessity with innovative solutions, business operations can reap sizable benefits.


Tags: GDPR

Matthijs van Schip

Matthijs van Schip joined Synechron as an Associate Consultant in 2017 after obtaining a Master’s in Law and Economics. Given his legal background, he typically works on projects that have a regulatory or compliance component to them. He is part of Synechron’s Regulation Practice and the General Data Protection Regulation (GDPR) team.
