A spectre is haunting Europe – the spectre of GDPR.
It seems to be the one thing everyone in the data security industry is talking about, Equifax aside…
Articles are being written, consultancy firms are popping up, and businesses are quietly panicking.
Yet, like so many grand legislative changes, many people are unsure what GDPR is, how it could affect their business, or whether they should even be worried about it at all.
In this article, we’ll be looking to clear up some of those misconceptions while presenting actionable steps for how companies can go about adjusting to the coming changes. We’ve scoured the available resources to find the answers to our concerns about GDPR and now we’re sharing it with you.
(Still employ a consultant though. As you’ll see, there’s too much at stake not to!)
We’ll explore not just the impact on European companies but also companies outside the European market who process or control data which could come under the scrutiny of these EU measures. SaaS companies like Process Street will find themselves needing to adapt their services for their large European clients, and if you work within the SaaS field you might have to do so too.
Before we go further, let me give you a Too Long; Didn’t Read:
The best short summary of the ethos of GDPR I’ve read comes from Wired:
> For companies that have more than 250 employees, there’s a need to have documentation of why people’s information is being collected and processed, descriptions of the information that’s held, how long it’s being kept for and descriptions of technical security measures in place.
The GDPR broadly sets out:
- You need to have a system in place to manage data and security.
- You need to have that system fully documented.
- You need to operate within the parameters of the GDPR, e.g.:
  - Consent boxes cannot be pre-ticked as “yes”.
  - Companies must respond to access requests from users within 1 month.
  - Requests for personal information must be processed free of charge.
At the end of this article, you’ll find a free Process Street checklist which uses ICO recommendations and Article 29 Working Party advice to guide you through assessing your company’s GDPR readiness!