Most of us remember Y2K. As we edged closer to the year 2000, the world counted down, theorizing what would happen within coded computer systems as the change took place.
Luckily, Y2K wasn’t as big a deal as many thought – conspiracies surrounding computers acting on their own or simply shutting down and disabling many of the world’s most important automated functions proved to be untrue.
Now, however, the world has something new to count down to, and this change promises to be much more real and impactful than the virtual ramifications of flipping the page on a calendar. GDPR, or the General Data Protection Regulation, will take effect on May 25, 2018, and requires specialized protections and capabilities on the part of businesses that serve countries within the European Union.
The clock is ticking: What’s changing?
While much of the world was unsure as to what would actually happen after December 31, 1999, the GDPR’s approaching deadline isn’t quite so mysterious.
The regulation was approved by the EU Parliament in April of 2016. Organizations located within the euro zone – and those that provide services to customers from the EU, whether those services happen in the EU or elsewhere – must comply with it before the end of May, 2018. The purpose of the regulation is to unify the approach to data privacy and ensure protection against data breaches, providing a set of standards for companies to follow.
EUGDPR.org pointed out that there are numerous changes that the regulation puts in place, including an increased territorial scope. In other words, businesses that reside within EU countries aren’t the only ones beholden to GDPR – any organization that processes personally identifiable data of subjects residing within the EU must follow the regulation.
Under GDPR, subjects must be:
- Notified within 72 hours, should a breach of their personal data take place.
- Provided details about the personal data an organization processes, including a digital copy of the data, and information about where it is being processed and why.
- Allowed the Right to be Forgotten, also known as Data Erasure. This right enables data subjects to prevent further use, dissemination or processing of their personal data if information isn’t relevant or the subject withdraws their consent to use it.
- Allowed the right to transmit data from one data controller or service provider to another.
What does this mean?
If your company has locations within the EU or does business there, you are beholden to the rules of GDPR. Your organization will require a solution that can bring all of its data together in a single place and enable you to comply with this regulation. What’s more, as non-compliant businesses can be fined as much as 4 percent of their annual global turnover, this solution must be put in place before the May 25, 2018 deadline.
Thankfully, Unifi is here to help. Unifi’s Compliance Data Hub offers RegAlert!, a feature specifically aligned with companies’ needs under GDPR. In a nutshell, RegAlert! allows users to block unauthorized access to sensitive, personally identifiable information while notifying the organization that access was attempted. In this way, the business’s data steward can respond appropriately in line with GDPR, by either granting access on an unconditional basis for authorized users or on a restricted basis where appropriate. Unauthorized access, on the other hand, can be met with a formal prohibition from the Unifi platform.
Best of all, data access is monitored by RegAlert! in real time, ensuring that businesses are able to respond to requests, support security and remain compliant with the rules of GDPR.
To find out more about how Unifi’s Compliance Data Hub and RegAlert! prepare your organization for the requirements of GDPR, check out our solution brief today.