Developers need to remain diligent at one-year mark of GDPR
It may seem like yesterday, but we have already reached the one-year mark since the enforcement of GDPR. Are you performing your due diligence? In this article, Chris Jordan explains why developers always need to respect GDPR.
One of the most talked-about IT events in the past year was the passage of the General Data Protection Regulation (GDPR), which is the European Union’s strict consumer data protection law that replaced the 1995 Data Protection Directive.
Basically, GDPR regulates the requirements for organizations that collect, process, store and transfer personal data.
Questions surrounding big data
GDPR is all about user data, and many organizations collect an immense amount of data on their users. Organizations hoping to gain or maintain compliance should start by answering the following questions when it comes to managing user data:
- What data is being collected?
- Where is the data being collected from?
- Where does the data go once it is collected?
- Who has access to the data?
Companies doing business in the EU are required by GDPR to know the answers to these questions with regard to user data.
Obtaining user consent
Consumers are increasingly holding organizations like Google and Facebook accountable for how they use the consumer data they collect 24/7. In the last year, there has been a growing trend in consumer empowerment over their data — 105,000 EU citizens have since filed complaints with national data protection agencies for noncompliance. Consumers must give their explicit consent for organizations to collect their data when entering a web site. For developers, this means exploring tools for obtaining consent for any user across any application.
Streamlining data access & reporting
GDPR gives users the power to request all data that is being collected on them. Organizations must be able to access user data easily and urgently, as GDPR requires that they provide a detailed list of everything collected on a user within 30 days of the request. Developers need a plan for how they are going to quickly access the requested data in order to generate the report with minimal disruption to daily operations. As a result, many organizations are making the shift to cloud-based data storage due to the elasticity and speed offered through cloud services.
Evaluating existing data
Once all questions about data collection have been answered, developers should evaluate existing user data and consider exactly what data is essential to the organization. For example, it might not be necessary to collect phone data. Assessing and identifying data trends within an organization will save time and manpower when the inevitable audit or user data request arrives.
Understanding the benefits
The passage of GDPR was followed by additional legislation to the same effect, such as the California Consumer Privacy Act. As businesses expand their global reach, they need to be mindful of new and pending data regulations. Building trust with users creates loyalty, and users will want to do business with organizations that they trust and are loyal to. Organizations stand to benefit with regard to public perception, but also in reviewing processes specific to data storage. GDPR has inadvertently helped organizations streamline these methods.
As the sun sets on year one of GDPR, there’s no better time than the present to evaluate processes on data collection and storage. The regulations are not going away, and for the sake of trust and productivity, it’s important to remain diligent when it comes to consumer data.