The General Data Protection Regulation is a data privacy regulation that covers the European Union.
It's designed to empower individuals with control over their personal information and how businesses use it. Compliance with this landmark data privacy rule can be difficult, but RecordPoint can help, ensuring your organization avoids the costly penalties and reputational damage associated with non-compliance.
The General Data Protection Regulation (GDPR) is the European Union (EU) law that focuses on data privacy. It came into force on May 25, 2018. The regulation is designed to unify the patchwork of EU data privacy laws on a single standard with one set of expectations for every entity that handles the personal data of EU citizens and residents.
The rule at its core provides EU citizens and residents — called 'data subjects' in the law — with power over the data they choose to share with any entity. This includes for-profit businesses, nonprofits, and anyone who collects personally identifiable information of EU citizens, no matter where they are.
Anyone who accesses the data of EU citizens or residents needs to be in compliance with GDPR. Where you're accessing the data from doesn't matter; only that you're collecting data on EU citizens. For your organization to be in full compliance, and be able to fulfill the rights of data subjects, there are seven key principles:
Processing has to be lawful, fair and transparent. This means organizations need to be open with how they use the collected data in their operations.
Data can only be processed for legitimate purposes that you explicitly specify to the data subject when you collected it. This means that you can't claim rights to use the data however you see fit; each use needs to be spelled out and easy to understand.
You should collect and process only the data you absolutely need for the purposes specified. In practice this means limiting how much is collected in the first place, as opposed to collecting every possible piece of data.
You must keep personal data accurate and up to date. This may require connecting with data subjects regularly to update the information you possess on them.
You may only store personally identifying data for as long as necessary for the specified purpose. Any data storage for longer than necessary could create issues.
Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
Applying these principles can be difficult, but it doesn't have to be. Companies seeking GDPR compliance need a solution designed to assist with these specific challenges.
RecordPoint is designed to enable GDPR compliance, enabling users to identify, protect, and manage data throughout its lifecycle. Key RecordPoint features that enable efficient GDPR compliance are:
Discover where all your data – including data that holds personal information – lives to get a comprehensive picture of your data estate, so you can better understand and protect it.
Proactively dispose of data you don’t need with custom retention policies that make minimization effortless.
Use AI to classify data instantly, so you know exactly where sensitive data lives and how to protect it.
The penalties for noncompliance with GDPR or for violations are potentially severe. There are two levels, or tiers, of financial penalties under this regulation.
The lower tier of punishments could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year depending on which amount is higher.
This set of violations includes infringements related to:
The higher tier of violations go directly against the core "right to be forgotten" and "right to privacy" that are the very soul of the GDPR. These fines could be up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year. This category of fines relate to:
These fines can be significant, so it's vital that you comply with GDPR when doing business with European citizens.
Have another question? Looking for more details?
Reach out to our friendly team who will be happy to help.
