How Fresh Is Your Data and GDPR
To combat data decay, start cleaning existing data – today. Clean data early in the
process as it comes in.
Correct records before they get in your customer database. Once the data becomes
“official,” it becomes exponentially more expensive to get rid of it.
Finally, because data quality decays so quickly, data must be processed regularly to
minimize data quality issues. Determine the frequency and the process required to
keep your data correct, current and complete.
The GDPR: Key Facts
The scope of the European Union General Data Protection Regulation (GDPR) is
broad, covering personal information that can be linked to an identifiable individual
(such as national identification number, employee authentication,
payment-transaction history, and date of birth) in any format (structured or unstructured)
and in any medium (online, offline, or backup storage).
The regulation is designed to protect the privacy of EU residents by introducing
stringent consent requirements, data-subject rights, and obligations on
organizations that gather, control, and process data.
Its core requirements cover the following:
• Record of activities. Organizations should maintain a record of data-processing
activities and be ready to present it to the regulator at any time.
• Legal basis for data. All data processing should have a legal basis, such as the
consent of the data subject or the need to fulfill a regulatory or legitimate
business purpose.
• Rights of data subjects. Data subjects are imbued with rights that organizations
must honor, such as the right to be forgotten (or, to data erasure), the right to
data portability, the right to object, the right to revoke consent, and the right to
restrict processing.
• Security. Organizations should protect data through a set of controls, such as
encryption or “pseudonymization,” and have effective operational procedures
and policies for handling data safely.
• Third-party management. Vendors and suppliers, including outsourcing partners,
should be required to protect personal data and should be monitored.
• Privacy by design. Data protection should be built into business-as-usual
processes, so that any organization planning a new technology, product, or
service includes it from the beginning of the development process.
• Breach notification. Data breaches likely to result in high risk to individuals’ rights
and freedoms should be reported to the authorities within 72 hours and, in
certain cases, subsequently to the data subjects as well.
The new regulation is enforced via national supervisory authorities within the
European Union that are granted wide-ranging enforcement powers and sanctions,
such as the power to ban data processing.
The fines for failure to comply are high, as much as 4% of annual worldwide
revenues. The GDPR also allows individuals to seek civil actions (including
class-action lawsuits) against organizations that violate their data-protection rights.
While GDPR is the most expansive regulation of its kind to date, there has also
been movement in other geographies to increase protections around personal
data.
In the United States, for example, the state of California recently passed the
California Consumer Privacy Act of 2018, which holds organizations to similar
standards and imbues data subjects with similar rights.