The General Data Protection Regulation is a far-reaching set of rules passed by the European Union that will protect the data of EU consumers and impose stiff fines on companies that do not comply. It will be enforceable on May 25, 2018.
Here are five key points to know about GDPR.
The short answer is yes, because GDPR will apply to any companies that do business with EU citizens, even if the businesses are located outside Europe. For example, Facebook will need to comply, since many of its customers are located in EU member states. Since most companies do business over the web, it will likely be easier for US companies to become GDPR-compliant for all of their customers rather than just those from the EU.
The EU states that personal data includes “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information or a computer’s IP address.”
The regulation provides certain rights to EU consumers whose data is used by businesses. These include:
In the case of a data breach, the regulation requires businesses to notify representatives of EU countries within 72 hours and to provide details about which EU citizens were affected.
The regulation also calls for privacy by design and default, meaning that data protection will be a priority from the outset of system design. Controllers will be required to hold and process only the data that is absolutely necessary, and to limit others' access to personal data.
In addition, GDPR requires the appointment of Data Protection Officers for public authorities, organizations that engage in large-scale monitoring or organizations that engage in large-scale processing of sensitive personal data. DPOs will have oversight over data privacy and will report to representatives of EU countries in the event of a data breach.
Organizations can be fined as much as 4% of their global annual turnover, or €20M, whichever is greater.
At the very least, any private information that is stored on your Excel spreadsheets will need to be fully secure and easily traceable, and you will need the ability to limit the amount of data that others can access at any time.
DataRails, the Excel management platform backed by Microsoft, can help you with all of these, as well as provide instant insights on your data without changing the way you currently work in Excel.