11 Dec 2019 by Mike Weaver
We all leave a digital trace across the sites, platforms and providers we interact with, and we trust that these hosts or services will safeguard our personal information in a way that has been sanctioned by the appropriate authorities.
We know that personal data needs to be protected, and that we can be left vulnerable if it is not. We expect our data to be protected, but might not understand what this involves, or know how it should be kept. Many of us may not be able to outline exactly what constitutes personal data, particularly as the definition is always liable to change as technology develops.
This blog will present an overview of some of the key changes in the treatment of personal data under GDPR. It will also point you in the direction of other sources that can help you understand how your data will be handled under GDPR, and how (as an organisation) you should be handling other people’s information.
What constitutes ‘Personal Data’?
According to article 4(1) of the GDPR:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The European General Data Protection Regulation (GDPR) has expanded the definition of personal data to include modern forms of ‘identifiers’ that are often collected from citizens, such as IP addresses. Other data such as the subject’s race, political opinions, religious beliefs, health conditions, as well as the new additions of biometric and genetic data are also considered personal data.
Your rights under GDPR
These are the rights you can expect under GDPR when it comes to your personal data. It is important to note that many of the points below are subject to additional conditions, which should be explored before calling on any of these rights. You can find more details in this overview from the Information Commissioner’s Office (ICO).
The regulations for processing personal data bear many similarities to the 1998 Data Protection Act but with added conditions. According to the ICO, to lawfully process personal data, at least one of the following conditions must be met:
What’s The ‘One Stop Shop’ Mechanism?
‘One Stop Shop’ refers to the mechanism that ensures organisations with multiple branches across EU states will be required to answer to a single supervisory authority based in the same area as their main establishment (usually in their EU headquarters). The aim of this mechanism is to ensure that all organisations, regardless of location or border, can deal with their issues from their home base, and that such issues can be consistently addressed across the entire EU.
What happens if you’re non-compliant?
It might seem like there are hundreds of hoops to jump through for GDPR, but the more you research and understand the requirements for your organisation, the clearer your path to compliance will be. It’s estimated that 69% of companies are currently ‘unprepared’ for GDPR, which is concerning, given the timeframe and consequences for non-compliance. By the 25th May 2018, all organisations that fall under the act must be compliant, otherwise they will face the consequences of non-compliance. The punishments for non-compliance can range from warnings to heavy fines of up to €20 million or up to 4% of total global revenue of the previous year, whichever is bigger.
GDPR is coming, and you won’t want to be part of the 69% when it does, so now’s the time to learn all about what the regulation means for your organisation. In our next post, we’ll be exploring what GDPR means for small to medium companies who don’t have entire teams, consultants, or extensive resources available for implementing compliance strategies. If you’re an SME and you’re unsure how to approach GDPR, make sure you check back on the blog for specific tips and guidance on becoming compliant.