GDPR: The Importance of Data Protection by Design and Default
by Jonas Outlaw
With the growth of the ‘always on’ culture, driven by the ever-expanding capabilities of mobile devices and the increasing digital transformation of services, a wide range of identifiable and behavioral data is now collected and processed by organizations every time we interact online. At the same time, how and where organizations store and process this data has moved from inside the traditional IT perimeter and server rooms into hybrid and cloud environments in data centers across the globe.
This change in the information landscape has brought something new to everyone’s attention as of late – the General Data Protection Regulation (GDPR), which went into effect May 25th, 2018. While most of you have probably heard of the new regulations, it’s now more important than ever to focus on getting your organization compliant.
The regulation itself has been around for a couple of years, but the enforcement, including fines and penalties, has been in full effect for almost 3 months now. Really, the key for organizations is making sure that we continue to focus on the importance of protecting our data and what we do with it. We've already seen suits come out of several large, well-known companies right after the start of the enforcement, because – most likely – they were not ready.
Data protection by design is often also referred to as privacy by design, which has always been a part of data protection regulations. The difference now under GDPR is that it is an actual legal requirement.
That's an important distinction – now a legal requirement. GDPR requires you to put in place appropriate technical and organizational measures to implement the principles found in the GDPR and to safeguard the individual rights of users. Data protection by design is really about considering data protection and privacy issues up front in everything you do, whether it's your products, your processes or how you operate your organization.
The days of pre-ticked boxes and automatic opt-in are gone, and we’ve now moved more toward transparency. We want to let people know what data we're capturing and how we're going to use that data. There's really a burden or an obligation on the organization that is collecting that data to have a lot of transparency and to inform people of their rights as they relate to that data. A key concept that has changed here is the level of scrutiny on consent and on the transparency of the information that we provide about the use of data.
Right to Erasure
Finally, bringing all this back to what this whole regulation is about, the data subject's rights, and really thinking about this as a fundamental right of the individual, there is the right to erasure, also known as the right to be forgotten. The concept here is that when an organization no longer has a reason to keep somebody's data, it has an obligation to go ahead and remove that data from its systems.
Bomgar Remote Support Fosters GDPR Compliance
For more details about the new regulations, what you could be held responsible for, and how Bomgar can help foster GDPR compliance, check out the full, on-demand webinar!