Strict new data protection laws with global implications take effect on May 25, 2018. As an organisation, you need to ensure that you are fully prepared for the change. Companies that fail to comply can be fined up to €20 million (roughly $23m) or 4% of their global annual turnover, whichever is higher. No one can afford to be unprepared.
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.”
What is GDPR?
First, let’s quickly recap what the General Data Protection Regulation (GDPR) is.
The regulation was introduced by the European Union to govern how personal data may be processed, in order to protect the data of people who live in the EU.
The update was needed because of technological progress and the changed data protection needs of EU citizens. It is the first major change to the EU's data protection rules in over 20 years.
You can find the full regulation here.
What kind of data is protected under the new laws?
GDPR is meant to protect the rights of natural persons. It does not protect businesses, entities, or organisations.
GDPR has global implications: it applies to any company, wherever it is established, that offers goods or services to people in the EU or monitors their behaviour.
It protects any personal data that can be used, either directly or indirectly, to identify a person. This includes a name, a photo, an email address, bank details, medical information, or an IP address.
How has SentiOne ensured readiness for the GDPR laws?
Data protection is SentiOne’s first priority and we’ve been preparing to embrace the change for several months. All of our employees have been trained for compliance with the GDPR.
- As an EU company we are obliged to fully comply with all EU regulations.
- SentiOne has deployed a new Data Protection Policy to ensure that the data we store or process is safe and that we comply with the new EU regulations.
- As a large-scale data monitoring company, we have appointed a dedicated Data Protection Officer (DPO) who is in charge of implementing and enforcing the regulation throughout our entire organisation.
- We only obtain data that the person has willingly made publicly available.
- All data that we obtain from social media platforms is gathered via their official APIs, under the permissions and data-handling terms those platforms set.
- The data we collect is processed in accordance with the regulation.
- We made all the necessary checks within our application to ensure that it’s fully compliant with GDPR.
Our customers’ data
- Data is protected in accordance with the Data Protection Policy.
- We tell our customers what data we collect, for what purpose, and with which third parties it may be shared.
- We give all our customers the opportunity to opt out of our communications.
- Whenever we ask our customers to share their data, we request consent in an intelligible and easily accessible form that states the purpose of the processing.
- We retain full control over our users' data, with all the necessary safeguards in place.
The right to be forgotten
- All our customers have the right to request that their data be removed from our database (the right to be forgotten).
- We have set up a Complaints Policy that enables our customers to lodge a complaint or request that their data be permanently removed from our records. To do so, simply contact our Data Protection Officer at firstname.lastname@example.org.
- All requests and complaints are processed immediately and treated as the highest priority.
What can you do to comply with the new EU Regulations?
The checklist below should help you prepare for the changes.
- Appoint an individual responsible for data privacy and information security.
- Set up regular training and education for staff who deal with data.
- Create an up-to-date map of the locations within which personal data is processed.
- Store personal data only on encrypted storage.
- Put in place measures that will prevent unauthorised access to the data.
- Create and enforce regulations about how, when, and why data may be accessed.
- If your staff work remotely, ensure that they access any data only over a secure connection (for example, a VPN).
- Ensure that your third-party partners have equivalent data protection controls in place; GDPR requires a written contract with any processor that handles personal data on your behalf.
- Ensure that all your data protection processes and regulations are easily accessible to all your employees.
- Ensure that you have measures in place to detect breaches and alert you promptly; GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a personal data breach, so detection and escalation must fit inside that window.
- Ensure that all data you store is only retained for as long as it is necessary.
- Ensure that you have all necessary consents (or another lawful basis) to store and process your customers' data.
- Let your customers know of your data policies and give them an opportunity to opt out of any communication.