The new policy, known as General Data Protection Regulation (GDPR), is designed to give individuals increased control over their personal information by increasing the transparency of where their information is going. The hope is that GDPR will “harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy and reshape the way organizations across the region approach data privacy.”
The European Council and other governing bodies are implementing GDPR to keep up with the current data-driven world. Some of these requirements include:
Right of Access
EU citizens shall have the right to obtain from the controller confirmation as to whether personal data are being processed, and where that is the case, access to the personal data.
Right to Erasure
“The Right to be Forgotten ” — EU citizens right the erasure of personal data concerning him or her without undue delay where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
Restrictions on Processing
“Right to restriction of processing” — Data subjects have the right to obtain from the controller restriction of processing where the controller is required to preserve the data for the establishment. Exercise or defense of legal claims.
Personal data must be kept in a form which permits the identification of data subjects for no longer than is necessary for archiving purposes, including protection against unauthorised processing and against accidental loss or destruction, using appropriate technical measures.
“Data Protection by Design and by Default” — Data controllers must implement appropriate technical measures for ensuring that, by default, only personal data which are necessary for each specific purpose is processed.
“Records of processing activities” — Data controllers must maintain records of processing activities, including categories of data subjects and personal data, the
envisaged time limits for the different categories of data, and a general description of technical and security measures.
How Globanet can help:
Companies subject to GDPR are advised to start preparing for GDPR now in order to avoid the risk of heavy financial fines. One way to ensure compliance is through Globanet Merge1.
A communications and content archiving tool, Merge1 is instrumental in the archiving and retaining customer data in order to comply with GDPR.
Merge1 is the simplest and most affordable way to achieve data compliance because it leverages your existing infrastructure.
Merge1 extends the ability of your email archive to capture non-email communications, such as:
- Social media (Facebook, Twitter, etc.)
- Enterprise collaboration (Slack and Jabber)
- Enterprise IM (Skype for Business)
- Financial platforms (Bloomberg and Symphony)
- Cloud-based files (OneDrive and Box)