Defrag This

| Read. Reflect. Reboot.

Podcast: 3 Things You Don’t Want to Forget While Prepping for GDPR

Greg Mooney | November 27, 2017

| Podcasts, IT insights, GDPR


New regulations always mean a flurry of activity for affected companies, and the European Union’s new General Data Protection Regulation is no exception.

This article is based on an interview with Paul Voigt, partner at international law firm Taylor Wessing and author of The EU GDPR: A Practical Guide.

The bill passed in 2016, but it gave companies two years to fall in line. That means the deadline of May 2018 is looming for companies with consumer data interests in the EU.


Not making that deadline could mean fines and civil suits. And then there’s the possibility of cultivating a bad reputation for not caring enough about the protection of personally identifiable data of consumers.

It doesn’t matter if a company is based in the EU or not. It doesn’t even matter how big or small they are. If they handle consumer data involving EU citizens, they are liable under the new regulations.

So, let’s break down three things that companies may be overlooking during their preparations.

1. Cloud Computing

When choosing a cloud provider, the level of protection it offers for data in general, and for consumer data in particular, already is (or should be) very important for businesses. Cloud providers have a direct obligation to provide suitable protection for the data they host.

Before the GDPR, that was more of a marketing angle than a regulatory one, but the new regulations make it a bigger concern.


However, some companies are using this to their advantage. Even if their customers don’t deal with the EU, the ability to say they meet GDPR standards is a relevant marketing tactic.

But the cloud providers don’t have all the obligations. Cloud customers share some of the burden: under the new regulations, they may be liable if the cloud provider they use to host data ends up falling outside of GDPR compliance.

That means businesses with EU customers have to be extremely picky when choosing a cloud provider going forward.

GDPR makes a distinction between companies that handle the data and companies that own the data, but the rules apply to both.

2. Internet of Things

Smartphones are the obvious one here.

Except, it might not be so obvious in the face of compliance with the GDPR. After all, IoT deals mostly with machine data, but a large amount of consumer data lurks on these devices, too.


The amount of customer data stored by applications is quite large. That applies to apps on smartphones, as well as smart home devices.

A substantial privacy concern with IoT devices now is that they can be a pretty easy target for security breaches. With the new regulations, IoT manufacturers and providers are going to have to be more diligent about shoring up defenses on existing products as well as doubling down on security features when developing new devices.

3. Marketing and Sales Data

Many companies already have this one on their radar, but just as many companies may be overlooking it, especially when it comes to Business-to-Business (B2B) companies.

Business-to-Consumer (B2C) companies clearly have a higher stake in customer data because they tend to deal more with individuals and thus have larger databases for consumer sales. This means they have a higher potential for harboring personally identifiable data.

But, B2B entities can’t afford to forget about this, either. Although they primarily deal with businesses, B2B sales and marketing professionals still utilize information for individuals in order to make those business sales.

One way to make sure this area isn’t overlooked is by updating Customer Relationship Management (CRM) systems to be sure that they properly protect the data of sales contacts.

Conclusion

No matter where your company is located, if you’re dealing with personally identifiable data from residents of the EU, you can’t afford to forget that the GDPR compliance deadline is coming in May 2018.

In particular, you want to make sure you aren’t overlooking affected data types that might not be immediately obvious like cloud computing, IoT, and marketing or sales data.

You can find this interview, and many more, by subscribing to Defrag This.


THIS POST WAS WRITTEN BY Greg Mooney

Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.
