
Understanding GDPR and Its Business Impact


In the first 6 months of 2017, more than 6 million personal records were exposed through data breaches. The General Data Protection Regulation (GDPR) aims to diminish this.


Do you know how your personal data is used and exchanged by Facebook or Google? How would you feel if you saw that your personal information had been exposed to a digital marketer who then continued to bombard you with promotional offers you're not interested in? Whether you like it or not, this is how it works today. Your personal information is there to be used by anyone who can pay a small amount of money or who's capable of doing some kind of hacking. Do you ever think about why someone wants your personal information when you register for some kind of service?

In the first six months of 2017, more than six million personal records were exposed through data breaches. Breaches cost organizations millions of dollars today and will continue to in the future. Trust and confidence are the most important factors in today's businesses. 70% of customers report that they'd be less inclined to work with a business that had a public data breach.

From the above facts, it is evident that data protection is important not only to customers but also to businesses. Even though business leaders understand the value of the data, that understanding hasn't translated into careful data stewardship. But with the impact we've seen data breaches have on other businesses, the public is now keen on having better protection for their data.


The General Data Protection Regulation (GDPR) provides the much-needed kick in the *ss to many businesses that have become complacent about data security. All businesses dealing with data regarding EU citizens (both inside and outside of the EU) need to comply with this regulation by May 2018. GDPR is the successor to the previous regulation, the Data Protection Directive, which was introduced in 1995.

Even though this is a forced regulation, it has many useful things that any business can use for their benefit.

Forcing Awareness of the Entire Data Web

  • Business leaders are forced to understand their data landscape no matter if they're a small company or a large multinational company with subsidiaries and hundreds of partners. All the incoming and outgoing data must be well-understood.

  • If the business has subsidiaries and partners, the entire data web needs to be well-understood.

Demanding Knowledge of Data Sources and Origin Countries

  • Every data source (i.e. partners, customers, subsidiaries) feeding data into an organization must be vetted and documented.

  • GDPR is the first global data protection law.

  • Applies to any business that processes data about EU citizens.

Advising Data Minimization

  • Companies must state a planned use for all the personal data they obtain. It's recommended to collect only data that is absolutely necessary, with no additional data gathered for possible future use.

  • Not holding data for any longer than absolutely necessary.

  • Not changing the original purpose of the data capture.

  • Deleting any data at the request of the data subject (customer).

Spotlighting Data Sharing

  • Data in transit needs to be properly secured.
  • Businesses must be able to document appropriate security measures for every step in data’s lifecycle.

Acquiring Consent

  • Requires clear, affirmative consent to the use of EU citizens' personal information.
  • Lack of response is not considered automatic consent.

Breach Monitoring and Response

  • Breach notifications need to be sent within 72 hours of breach detection.
  • Breach policies need to be carefully set up with partners and well-documented.

Even though this looks like something annoying for a business, it really has some good things that can provide benefits to any company. This regulation encourages careful design of your business data and discourages keeping unnecessary data within your organization, which reduces operational expenditure.

In addition to the above-mentioned points, see this link for a list of major changes that are coming with the GDPR.



Published at DZone with permission of Chanaka Fernando, DZone MVB. See the original article here.
