Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
    pexels pavel danilyuk 8112119
    Data Analytics Is Revolutionizing Medical Credentialing
    8 Min Read
    data and seo
    Maximize SEO Success with Powerful Data Analytics Insights
    8 Min Read
    data analytics for trademark registration
    Optimizing Trademark Registration with Data Analytics
    6 Min Read
    data analytics for finding zip codes
    Unlocking Zip Code Insights with Data Analytics
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: GDPR: After 25th May, What Medium And Long Term Actions?
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Policy and Governance > GDPR: After 25th May, What Medium And Long Term Actions?
ComputingData ManagementInfographicPolicy and GovernancePrivacyRisk ManagementTransparency

GDPR: After 25th May, What Medium And Long Term Actions?

Laxmi Sharma
Laxmi Sharma
9 Min Read
After GDPR compliance
Shutterstock Licensed Photo - By Petr Vaclavek
SHARE

The General Data Protection Regulation (GDPR) requires businesses to protect the personal data and privacy of EU citizens and any non-compliance could cost them dearly. For those who are still unfamiliar with this, take a look at the infographic below. It shall give you a basic understanding of GDPR and its aspects.

Contents
In the Face of the Risks Of Collective ActionsOpportunities and Revision of Its Digital StrategyPrinciple of ResponsibilityAdvance on the Legal and InformaticsThe Limits of EncryptionMinimization, Anonymization and PseudonymizationRight to Information and ErasureIn the Long Term, Jurisprudence and ReadjustmentsGDPR Compliance is an Evolving Challenge Since May 25

gdpr

What is next after the main GDPR compliance procedures? What actions can be taken in the medium and long term? Should we wait for the laws for specific cases or scenarios?
Here, we will see some recommendation from experts.
As of May 25th, 2018, the main provisions have been implemented to comply with the new GDPR regulation. Any new action must be compliant from the design stage and properly protected.

However, there will still be a lot to do. When the main requirements have been treated as a priority, we must take the right steps to be compliant to avoid the risk of being exposed to sanctions and fines. The regulation requires organizations to have a permanent DPO (data protection officer). It is a part of the continuous improvement process. Brands must continue implementation of new procedures. It can be real IT projects or programs to engage on traditional delays of 6 to 18 months which has been observed by many experts.

More Read

Digital Risk Management: Why Cyber Security Measures Aren’t Enough
What Are the Best Methods To Keep Online Data Safe?
Can Big Data Analytics Solve “Too Big to Fail” Banking Complexity?
Marketing Manners & Business Intelligence: Give, and You Shall Receive
Introducing the Big Data MOPS Series

In the Face of the Risks Of Collective Actions

Nobody knows exactly what actions and what control will be exercised by the regulators. On the other hand, it is clear that organizations will be exposed to class actions by users, customers or consumers.

Among the medium and long-term, the right of access (with rectification, opposition and deletion) and the right to portability must be prioritized to allow interested parties to retrieve an electronically transmittable file to a third party, typically in case of change of provider.
The information / communication component can also be an important program. In particular, transparency is vital. For example, if I give my personal details for specific service; there is no question of using them for another purpose.
Therefore, it is important to ensure that the modalities of data collection are fair, lawful and transparent. If applicable for back-office processing in “near-shore” or “off-shore”, (e.g. consultation or troubleshooting centers in South-East Asia), it must be disclosed that the data will be shared with data partners outside of the EU.

Opportunities and Revision of Its Digital Strategy

The new regulation can open real commercial opportunities:

“If one is positive, this overlay of regulatory constraints can turn into a gold mine”.

By putting themselves in order, companies will be able to communicate their competitive strengths to their customers. They may, declare that they do not monetize the use of personal data or do so in their interest of earning their trust. For instance, the choice of point of sale or the points of contacts who have chosen the service.
Such an approach encourages creating or at least reconsidering its digital strategy. It leads to restructuring the processing of databases, including private data. For an instance, it shows that:

“Not only do I respect the regulation in the eyes of my users or customers, but I propose to them, by being transparent, to take advantage of them to improve the service”.

Principle of Responsibility

This transparent approach is more appropriate for all the major groups. The principle of responsibility lies between subcontractors, the collector and data holder (and never the “owner” because the data remains the property of the people). The data collector is responsible for making sure subcontractors abide by their rules.

Advance on the Legal and Informatics

You have to be pragmatic. You need to intervene on the legal, technical as well as other aspect of the data. There are tools, such as the DPPS (Data Protection Impact Assessment) that not only lets you facilitate various tasks but also codes of conduct and good practice guides such as the ICO (UK).

The mapping of personal data, in files or application, can involve a hundred of actions. It is therefore a good idea to design a prioritization plan based on the nature and sensitivity of the data.

The implementation of safety and traceability procedures is also, in itself, a process of continuous improvement.

It is thus a good idea to carry out diagnostics or compliance audits of the company. You can then act on ad hoc events on the basis of on the impact assessment. On some aspects, it may be appropriate to resort to some support.

The Limits of Encryption

Encryption is recommended upstream, especially in the case of payment procedures or financial transactions such as Pci-Dss protocols. But it can be very tedious for some organizations. It can take a long time and may be heavy for historical bases of great volume try and little information (like recipient files of a newsletter). It is not recommended systematically as this may be disproportionate in some contexts.

Minimization, Anonymization and Pseudonymization

Applying the minimization principle makes it possible to expose less data by collecting only the data that are really useful and necessary in the context of the stated purpose.
We must not focus on technical mapping, but on identification, the right to identity in a limited space, and qualification. “Can we hold these data? Yes, if we cannot do otherwise”.
Anonymization, which is irreversible, is a good approach under the law. If it is necessary to establish a strong confidentiality agreement, the pseudo-anonymization (which allows going back) remains debatable, even if it is legally valid. But again, the processes are tedious and expensive if they are done afterwards.

Right to Information and Erasure

The right to information, which is also the right to question, must also, remain a concern, “in a proactive dynamic manner”.

The obligation to delete or purge raises the question of how long data should be kept, which depends on their nature and on contractual commitments or general conditions. So, there is an impact on the action. This chapter also raises questions about the duty of memory, the right to history, but also refers to the freedom of the press, which aims to preserve the memory of the facts.

In the Long Term, Jurisprudence and Readjustments

In the balance sheet, the compliance with the GDPR is a continuous process. The GDPR regulation, it is an inflation of articles, twenty more, compared to the law of 1978, that is to say 99 articles, which are introduced by 173 ‘recitals’ with as many possible interpretations. Though, nothing is clear enough, but the litigation cases will focus on certain points.
Finally, we note that the stakes are global and frontal. The legal principle is the most important part of GDPR, however, it is not a question of freedom but of dignity, and the respect for the dignity of the people.

GDPR Compliance is an Evolving Challenge Since May 25

The GDPR is one of the biggest changes affecting everyone that does business in the EU. Organizations must monitor developments and respond to challenges as new information arises. Since the details are still being ironed out, there will be a number of new developments to focus on in the future.

TAGGED:#GDPRGDPR ComplianceGDPR implications
Share This Article
Facebook Pinterest LinkedIn
Share
ByLaxmi Sharma
Follow:
Laxmi is a content writer and affiliate marketer who loves sharing knowledge to help others grow their business. When not busy writing, or sharing thoughts on forums, she can be found reading novels, eating Thai food & drooling over gadgets.

Follow us on Facebook

Latest News

accountant using ai
AI Improves Integrity in Corporate Accounting
Exclusive
ai and law enforcement
Forensic AI Technology is Doing Wonders for Law Enforcement
Artificial Intelligence Exclusive
langgraph and genai
LangGraph Orchestrator Agents: Streamlining AI Workflow Automation
Artificial Intelligence Exclusive
ai fitness app
Will AI Replace Personal Trainers? A Data-Driven Look at the Future of Fitness Careers
Artificial Intelligence Big Data Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

data privacy and other data laws to recognize
Data Collection

The Legal Requirements For Gathering Data

5 Min Read
HR professionals prepare GDPR
Big DataExclusive

Can HR Professionals Use Big Data After the GDPR?

5 Min Read
data science and GDPR
Big Data

What Do Big Data Professionals Need to Know About GDPR

4 Min Read
recruiting GDPR experts
Best PracticesData ManagementExclusiveGDPRPrivacy

Understanding The Role Of Data In Recruiting GDPR Experts

5 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots
ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?