CluedIn is knee-deep in the data world and to some degree we are pioneers in driving solutions for the upcoming EU Data regulations. We talked internally about what our customers might want to know about the upcoming regulations, and here is the list we came up with.
1. Data processors will be held responsible for data protection
Under the directive, any data “by which an individual can be identified” was the sole responsibility of the data controller, i.e. the owner of this data. Under the new regulations, however, any company or individual that processes this data will also be held responsible for its protection, including third parties such as cloud providers.
With the new regulations in mind, organisations should think about reviewing their third-party contracts now. In the case of cloud providers, seriously consider having, as part of your contract, the ability to carefully review their procedures and even facilities to make sure they are up to scratch. Many cloud service providers, especially those based outside the EU, may not believe that the regulations apply to them, but it is clear that they will.
2. Data Flow Guarantee
Companies that process data need to audit where data is transferred. For example, CluedIn logs and audits the transfer of your data and which servers were touched during the processing, storage and transfer of this data.
3. How do companies need to comply?
Under the new regulation, users can also demand that their data be erased. This may sound straightforward but it’s not always that simple. If a person said they wanted to be removed from one of your databases, how would you go about doing so? Would you have to remove data from multiple systems? Are syncing protocols in place that would make doing so difficult? Do you have processes for this now, and how would you remove contact information from individual databases or spreadsheets? These are questions that need answering now, not after the regulation comes into play.
It is the ideal time for IT, security, and compliance teams to review the new requirements, seek legal guidance and put into place processes that will enable compliance. At CluedIn we are offering free consultancy hours with our Data Protection Officer. You can book a session here: https://calendly.com/cluedin/gdpr.