What is GDPR
GDPR stands for “General Data Protection Regulation”. It is a new regulation from the European Union, designed to replace the old Data Protection Directive and harmonise data protection laws across Europe. In many ways it is the most important change in data privacy regulations for more than 2 decades, and it comes into effect on the 25th of May 2018, currently less than 80 days away.
The new laws apply to the personal data of any EU citizen, regardless of whether that data is being processed within the EU or not. If an organisation is offering goods and services to, or monitoring the data of, an EU data subject, then the regulations apply to them. In practice this means that the GDPR is now the de facto global data protection regulation.
There are a number of new aspects of GDPR which are important to understand, from changes to the overall scope of the regulations, to new definitions and rights. Outlined below is a brief overview of the new entities in the regulations:
Changes in scope
This is a European regulation with a global impact. Any entity which processes the personal data of an EU citizen will have to abide by the regulation or face stiff fines. For the top tier of offences these fines can be up to 4% of annual global turnover or 20 million euros, whichever is the greater.
Hand in hand with these new stricter penalties is stricter enforcement: this new document is a regulation, not a directive. This means that rather than defining a set of goals which can be achieved any way a member state sees fit, the regulation must be implemented in its entirety across all member states.
Along with this stricter enforcement, the regulation updates the definition of what is being enforced: consent. The deliberately long and confusing terms and conditions many of us are used to seeing, but rarely read, will become a thing of the past. From now on, any request for consent must be intelligible, easily accessible and in plain language. The consent needs to be clear, separate from other matters, and must also be as easy to remove as it is to give.
In order to make sense of the new regulations we need to understand some of the key terms referenced within the documentation:
New rights for Data Subjects:
The regulation creates a number of new rights for the individual data subject as outlined below:
What does it mean for me?
What all this boils down to is that any entity which is working with the personal information of any EU citizen needs to take measures to ensure they don’t fall foul of the latest regulations, or face the consequences.
Microsoft have been at the forefront of systems compliance, and have committed to making all of their systems GDPR compliant by the 25th of May deadline. As well as making this global commitment, Microsoft have also released a raft of resources intended to help businesses on their compliance journey.
As part of this, Microsoft have offered a free online assessment tool to judge your company’s GDPR compliance status, which can be accessed here. There is also a suite of new functionality across all of Microsoft’s product families in order to help businesses stay compliant. Some of the key new features are outlined below; for a full list follow the link here:
SQL Azure Databases:
Service Trust Portal
How can InteliSense IT help
At InteliSense IT we work closely with Microsoft on all of their product offerings and would be happy to offer advice or assistance to you on your journey to GDPR compliance. If you would like to find out more about how we can help then get in touch using our contact page.