Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: GDPR: After 25th May, What Medium And Long Term Actions?
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Policy and Governance > GDPR: After 25th May, What Medium And Long Term Actions?
ComputingData ManagementInfographicPolicy and GovernancePrivacyRisk ManagementTransparency

GDPR: After 25th May, What Medium And Long Term Actions?

Laxmi Sharma
Laxmi Sharma
9 Min Read
After GDPR compliance
Shutterstock Licensed Photo - By Petr Vaclavek
SHARE

The General Data Protection Regulation (GDPR) requires businesses to protect the personal data and privacy of EU citizens and any non-compliance could cost them dearly. For those who are still unfamiliar with this, take a look at the infographic below. It shall give you a basic understanding of GDPR and its aspects.

Contents
In the Face of the Risks Of Collective ActionsOpportunities and Revision of Its Digital StrategyPrinciple of ResponsibilityAdvance on the Legal and InformaticsThe Limits of EncryptionMinimization, Anonymization and PseudonymizationRight to Information and ErasureIn the Long Term, Jurisprudence and ReadjustmentsGDPR Compliance is an Evolving Challenge Since May 25

gdpr

What is next after the main GDPR compliance procedures? What actions can be taken in the medium and long term? Should we wait for the laws for specific cases or scenarios?
Here, we will see some recommendation from experts.
As of May 25th, 2018, the main provisions have been implemented to comply with the new GDPR regulation. Any new action must be compliant from the design stage and properly protected.

However, there will still be a lot to do. When the main requirements have been treated as a priority, we must take the right steps to be compliant to avoid the risk of being exposed to sanctions and fines. The regulation requires organizations to have a permanent DPO (data protection officer). It is a part of the continuous improvement process. Brands must continue implementation of new procedures. It can be real IT projects or programs to engage on traditional delays of 6 to 18 months which has been observed by many experts.

More Read

GPU databases
3 Ways GPU Databases are Transforming Financial Services
Managing Your Sales Funnel: How Does CRM Software Help?
Google Report Shows Android Users Need VPNs for Data Privacy
Building a Private Cloud: A Strategic Guide
The Billboard Problem: Why Intelligent Ads Only Live Online, for Now

In the Face of the Risks Of Collective Actions

Nobody knows exactly what actions and what control will be exercised by the regulators. On the other hand, it is clear that organizations will be exposed to class actions by users, customers or consumers.

Among the medium and long-term, the right of access (with rectification, opposition and deletion) and the right to portability must be prioritized to allow interested parties to retrieve an electronically transmittable file to a third party, typically in case of change of provider.
The information / communication component can also be an important program. In particular, transparency is vital. For example, if I give my personal details for specific service; there is no question of using them for another purpose.
Therefore, it is important to ensure that the modalities of data collection are fair, lawful and transparent. If applicable for back-office processing in “near-shore” or “off-shore”, (e.g. consultation or troubleshooting centers in South-East Asia), it must be disclosed that the data will be shared with data partners outside of the EU.

Opportunities and Revision of Its Digital Strategy

The new regulation can open real commercial opportunities:

“If one is positive, this overlay of regulatory constraints can turn into a gold mine”.

By putting themselves in order, companies will be able to communicate their competitive strengths to their customers. They may, declare that they do not monetize the use of personal data or do so in their interest of earning their trust. For instance, the choice of point of sale or the points of contacts who have chosen the service.
Such an approach encourages creating or at least reconsidering its digital strategy. It leads to restructuring the processing of databases, including private data. For an instance, it shows that:

“Not only do I respect the regulation in the eyes of my users or customers, but I propose to them, by being transparent, to take advantage of them to improve the service”.

Principle of Responsibility

This transparent approach is more appropriate for all the major groups. The principle of responsibility lies between subcontractors, the collector and data holder (and never the “owner” because the data remains the property of the people). The data collector is responsible for making sure subcontractors abide by their rules.

Advance on the Legal and Informatics

You have to be pragmatic. You need to intervene on the legal, technical as well as other aspect of the data. There are tools, such as the DPPS (Data Protection Impact Assessment) that not only lets you facilitate various tasks but also codes of conduct and good practice guides such as the ICO (UK).

The mapping of personal data, in files or application, can involve a hundred of actions. It is therefore a good idea to design a prioritization plan based on the nature and sensitivity of the data.

The implementation of safety and traceability procedures is also, in itself, a process of continuous improvement.

It is thus a good idea to carry out diagnostics or compliance audits of the company. You can then act on ad hoc events on the basis of on the impact assessment. On some aspects, it may be appropriate to resort to some support.

The Limits of Encryption

Encryption is recommended upstream, especially in the case of payment procedures or financial transactions such as Pci-Dss protocols. But it can be very tedious for some organizations. It can take a long time and may be heavy for historical bases of great volume try and little information (like recipient files of a newsletter). It is not recommended systematically as this may be disproportionate in some contexts.

Minimization, Anonymization and Pseudonymization

Applying the minimization principle makes it possible to expose less data by collecting only the data that are really useful and necessary in the context of the stated purpose.
We must not focus on technical mapping, but on identification, the right to identity in a limited space, and qualification. “Can we hold these data? Yes, if we cannot do otherwise”.
Anonymization, which is irreversible, is a good approach under the law. If it is necessary to establish a strong confidentiality agreement, the pseudo-anonymization (which allows going back) remains debatable, even if it is legally valid. But again, the processes are tedious and expensive if they are done afterwards.

Right to Information and Erasure

The right to information, which is also the right to question, must also, remain a concern, “in a proactive dynamic manner”.

The obligation to delete or purge raises the question of how long data should be kept, which depends on their nature and on contractual commitments or general conditions. So, there is an impact on the action. This chapter also raises questions about the duty of memory, the right to history, but also refers to the freedom of the press, which aims to preserve the memory of the facts.

In the Long Term, Jurisprudence and Readjustments

In the balance sheet, the compliance with the GDPR is a continuous process. The GDPR regulation, it is an inflation of articles, twenty more, compared to the law of 1978, that is to say 99 articles, which are introduced by 173 ‘recitals’ with as many possible interpretations. Though, nothing is clear enough, but the litigation cases will focus on certain points.
Finally, we note that the stakes are global and frontal. The legal principle is the most important part of GDPR, however, it is not a question of freedom but of dignity, and the respect for the dignity of the people.

GDPR Compliance is an Evolving Challenge Since May 25

The GDPR is one of the biggest changes affecting everyone that does business in the EU. Organizations must monitor developments and respond to challenges as new information arises. Since the details are still being ironed out, there will be a number of new developments to focus on in the future.

TAGGED:#GDPRGDPR ComplianceGDPR implications
Share This Article
Facebook Pinterest LinkedIn
Share
ByLaxmi Sharma
Follow:
Laxmi is a content writer and affiliate marketer who loves sharing knowledge to help others grow their business. When not busy writing, or sharing thoughts on forums, she can be found reading novels, eating Thai food & drooling over gadgets.

Follow us on Facebook

Latest News

data analytics and truck accident claims
How Data Analytics Reduces Truck Accidents and Speeds Up Claims
Analytics Big Data Exclusive
predictive analytics for interior designers
Interior Designers Boost Profits with Predictive Analytics
Analytics Exclusive Predictive Analytics
big data and cybercrime
Stopping Lateral Movement in a Data-Heavy, Edge-First World
Big Data Exclusive
AI and data mining
What the Rise of AI Web Scrapers Means for Data Teams
Artificial Intelligence Big Data Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

data protection big data
Best PracticesBig DataData ManagementITPrivacyRisk ManagementSecurity

The Importance of Data Protection During the Coronavirus Pandemic

6 Min Read
data science and GDPR
Big Data

What Do Big Data Professionals Need to Know About GDPR

4 Min Read
GDPR and security
Best PracticesBig DataData ManagementExclusiveInternet of ThingsPolicy and GovernancePrivacySecurity

GDPR Fines, Ransomware, and Cybersecurity: What You Need To Know

9 Min Read
GDPR implications
Big DataExclusiveNews

GDPR Implications of Desktop and Mobile Online Collaboration Platforms

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI and chatbots
Chatbots and SEO: How Can Chatbots Improve Your SEO Ranking?
Artificial Intelligence Chatbots Exclusive
AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?