Call Accounting Featured Article

Don't Sweep GDPR Under the Rug

June 11, 2018

The General Data Protection Regulation went into effect late last month. Yet many companies and organizations are still not in compliance with the European Union’s GDPR rules.

That may simply be because some organizations, including ones outside of the EU that are impacted by the GDPR, are not aware of this new set of regulations. Or perhaps they’re not aware of the details of GDPR, or what exactly they should be doing to comply with them.

Others may be waiting until they gain greater clarity on how and to what extent EU regulators will be policing and punishing non-compliance.

However, word is that penalties will be stiff. So companies that haven’t gotten their GDPR ducks in a row should get started ASAP.

That should include looking at the rules and educating everyone in the organization about those rules and how they impact their jobs or the efforts of their colleagues and departments.

The CommLaw Group says five of the key aspects of GDPR on which organizations should focus include the following:

lawfulness, fairness and transparency: personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject;

purpose limitation: personal data should be collected for a specified, explicit and legitimate purpose and processed only in a manner that is compatible with such purpose; 

minimization: personal data collected and processed should be limited only to what is necessary in relation to the purposes for which the data are processed; 

accuracy: personal data that are processed must be accurate and, where necessary, kept up-to-date, and to the extent that the data are inaccurate they should be erased or updated without delay; 

storage limitation: personal data must be kept in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed; 

integrity and confidentiality: personal data must be processed in a way that ensures appropriate security of such data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage; and 

accountability: controllers of personal data are responsible for demonstrating compliance with the above principles.

Organizations also need to make a list of the information they control and how their processes, including processing and storage guidelines, impact that information. Appointing a specific person to handle this task, educate others about GDPR data handling and rules, and implement or tweak processes to comply with the new regulation is also a great idea.

Edited by Maurice Nagle