GDPR: The Importance of Data Protection by Design and Default

With the growth of the ‘always on’ culture, driven by the ever-expanding capabilities of mobile devices and the increase in the digital transformation of services, a wide range of identifiable and behavioral data that is now collected and processed by organizations every time we interact online. At the same time, how and where organizations store and process this data has moved from inside the traditional IT perimeter and server rooms into hybrid and cloud environments in data centers across the globe.

This change in the information landscape has brought something new to everyone’s as of late – the General Data Protection Regulation (GDPR), which went into effect May 25^th, 2018. While most of you probably have heard of the new regulations, it’s now more important than ever to focus on getting your organization compliant.

The regulation itself has been around for a couple of years but the enforcement, including fines and penalties, have been in full effect for almost 3 months now. Really, the key for organizations is making sure that we continue to focus on the importance of protecting our data and what we do with it. We've already seen suits come out of several large, well-known companies right after the start of the enforcement, because – most likely – they were not ready.

Now that the enforcement date has passed, let’s not fall asleep at the switch. It’s important to continue to be vigilant, because it's not just the European Union but certainly countries around the globe are continuing to increase their enforcement of organizations of how personal data is treated. Here’s a few key concepts, or new trends emerging, to help clarify some of the new provisions within GDPR.

Martin Willoughby / SVP of General Counsel and Chief Privacy Officer / Bomgar

Martin shared more insight into the importance of data protection and design by default in an exclusive webinar, Post GDPR: The Critical Importance of Securing Remote Access. He also calls out some emerging trends as a result of GDPR going into effect, including:

Data Protection by Design and Default

A lot of times, this is also referred to as privacy by design, which has always been a part of data protection regulations. The difference now under GDPR is that it is an actual legal requirement.

That's an important distinction – now a legal requirement. GDPR requires you to put in place appropriate technical and organizational measures to implement the principles found in the GDPR and to safeguard the individual rights of users. Data protection by design is really about considering data protection and privacy issues up front in everything you do. Whether it's your products, processes or how you operate your organization.

The days of pre-ticked boxes and automatic opt-in are gone, and now we’ve moved more toward transparency. We want to let people know what data we're capturing, how we're going to use that data. There's really a burden or an obligation on the organization who's collecting that data to have a lot of transparency and to inform people of their rights as it relates to that data. An important key concept here that's changed is the level of scrutiny on the consent and the transparency of information that we provide about the use of data.

Right to Erasure

Finally, if we bring all this back to what this whole regulation is about the data subjects rights, really thinking about this as a fundamental right of the individual: the right to erasure, also known as the right to be forgotten. The concept here is that when an organization no longer has a reason to keep the data for somebody, then there is an obligation to go ahead and remove it from your systems.

For more details about the new regulations, what you could be held responsible for, and how Bomgar can help foster GDPR compliance, check out the full, on demand webinar!