General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR), applicable since 25 May 2018, applies to any organisation that processes the personal data of individuals in the EU, whether or not the organisation itself is established in the EU. The regulation gives individuals (‘data subjects’) control over their personal data: the right to know where it is held and for what purpose, to obtain a copy and export it, to withdraw consent, and to request access to, correction of, or erasure of it.
GDPR strengthens the rights individuals have over personal data relating to them and unifies data protection law across the EU, regardless of where that data is processed. GDPR does not require EU personal data to stay in the EU, but it does regulate transfers of personal data to countries outside the EU: such a transfer needs a recognised legal basis, for example an adequacy decision for the destination country, standard contractual clauses (the ‘model clauses’) built into a data processing addendum with the processor, or binding corporate rules. Companies should be aware that the EU-US Privacy Shield, formerly one such mechanism, was invalidated by the Court of Justice of the EU in July 2020 (the ‘Schrems II’ judgment); transfers to the US now rely on standard contractual clauses or on the EU-US Data Privacy Framework (adequacy decision of July 2023) for organisations certified under it.
Here are some important points to consider regarding GDPR:
- The ‘data controller’ (the organisation that decides why and how personal data is processed) is responsible for implementing appropriate technical and organisational measures to ensure, and to be able to demonstrate, that processing complies with GDPR (Art. 24 and 25, data protection by design and by default). In practice this means every system that handles personal data must be able to state the purpose for which the data was collected and must not use it for an incompatible purpose (purpose limitation), and the controller must be transparent with data subjects about that processing. A ‘data processor’ acting on the controller’s behalf has its own obligations, including processing only on the controller’s documented instructions and securing the data (Art. 28 and 32).
- The platform must be able to export a customer’s personal data at any time during the term of the agreement with that customer, in a structured, commonly used and machine-readable format (the right to data portability, Art. 20). The same export commitment must be honoured when the customer asks for their information to be removed from your organisation’s systems: the customer receives a copy on request, after which the data is deleted or returned and remaining copies are removed, subject to any retention the law requires.
- Opt-in consent, withdrawal of consent, and the right to erasure (‘right to be forgotten’, Art. 17) must be implemented as working features, not merely described in a Privacy Policy or data agreement. Consent must be a clear affirmative action (no pre-ticked boxes) and withdrawing it must be as easy as giving it (Art. 7); an erasure request must be actionable on its own, independently of consent. Make sure privacy notices are present wherever personal data is collected (for example, development teams should include a privacy policy link on every customer-facing web page and beside each form that collects personal data).