What you should consider as the deadline approaches

Key elements to consider as the deadline for enforcement approaches include the following:
- If you process data for another organisation, i.e. you don’t collect it directly yourself or don’t use the data yourself, you still need to be compliant. Unlike under the Data Protection Directive (95/46/EC), it’s not just the collector of the data that’s liable.
- With the GDPR, personal data is defined as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, post on social networking websites, medical information, or a computer’s IP address.” This is extremely broad, so make sure you know whether you collect or process any of this data, deliberately or not.
- Make sure that any data you do collect is covered by appropriate authorisations from the user, as these have expanded substantially; simple agreements are unlikely to suffice moving forward.
- Lastly, make sure you have processes in place to notify users of a breach when it happens. GDPR allows only 72 hours for such notification to take place.