Governments around the world are tightening up laws governing how businesses gather, store, and secure user data. This is increasingly challenging as data is now a commodity not constrained by national borders.
There is also a vast amount of data being produced, meaning the sheer volume involved can overwhelm businesses, especially SMBs with limited resources. The challenge is for enterprises to implement a data strategy that will provide maximum flexibility to cope with current and future data governance measures, while ensuring the integrity of the data they hold.
Global users, global data
For many businesses this means you also need to consider the protection of customer data from a global perspective. It also means re-evaluating your processes, procedures and the way you handle your customers information. New governance structures, like Australia’s Notifiable Data Breaches scheme, or the European Union’s recently introduced General Data Protection Regulation (GDPR) are a sign of things to come. You may even need to get legal advice to ensure you comply and implement the necessary changes.
GDPR: the game changer?
The GDPR is the EU’s new data protection and privacy law. It regulates how businesses and organizations store and manage the personally identifiable information (PII) or data they collect. It imposes strict new rules on organizations that control and process such data, specifically around the systems, processes and procedures involved.
Importantly, the GDPR applies to any organization that handles an EU citize’s data, regardless of their location, and the penalties are severe – up to €20 million or 4% of annual turnover, whichever is greater.
You need to be able to show how you comply with the GDPR’s requirements, and it applies to even seemingly innocuous uses of data, like retaining the email addresses of users who reside in the EU.
But the benefit of making sure your business is GDPR compliant is that you’ll then be well placed with regard to other privacy laws and regulations – and you can use that to your benefit. Your reputation will only be improved by demonstrating your compliance, and it should lead to greater customer and partner trust.
What is personally identifiable information?
The definition of what exactly is personally identifiable information varies by jurisdiction, but broadly encompasses information or an opinion about an identified individual. This could include a customer’s name, age, date of birth, address, telephone number, employment details, credit status and medical records. It could also be a record of their opinions, political or religious affiliations, or criminal record.
Such data should always be held as securely as possible, even if not subject to privacy laws like the GDPR, as a matter of good practice.
Privacy is good business
Businesses are increasingly legally obligated to ensure data compliance measures are part of their everyday data processing activities. If you are not sure of your status, a good starting point is to record the current state of your data collection systems and processes, and check if they meet local requirements.
Your ongoing operations should also support the management of data protection procedures and control, with an eye on current and future privacy requirements. And if you don’t have the expertise to do this, get some help. Third party providers can undertake an assessment to help manage the personal data you hold or manage and advise how best to control and process it.
Future-proof your now business by making sure you are responsive to both current and future data governance measures, and that you have full control of all your data. The GDPR is the latest data regulation with extensive global reach, but it’s unlikely to be the last.