Skip to main content

Understanding General Data Protection Regulation (GDPR) and the business impact

Do you know how your personal data is used and exchanged within Facebook or Google? How do you feel if you see your personal information is exposed to a digital marketer and he keeps bombarding you with promotional offers which you are not interested in? Whether you like it or not, this is how it works today. Your personal information is there to be used by anyone who can pay a small amount of money or capable of doing some kind of hacking. Do you ever think about why someone wants your full detail when registering into some kind of service?

Within first 6 months of 2017, there has been more than 6 Billion personal records were exposed through data breaches. They cost millions of dollars to the organizations today and in the future. Trust and confidence are the most important factors in today's business. 70% of customers reports that they would be less inclined to work with a business that suffered a public disclosure of a data breach.

From the above facts, it is self evident that data protection is not only important to the customers but also to the businesses. Even though business leaders understands the value of the data, that understanding has not translated into careful data stewardship. But with the impact they have seen with these data breaches on other businesses, everyone is now keen on having a better protection to their data.

Source: https://marketoonist.com/2017/10/gdpr.html

General Data Protection Regulation or GDPR provides the much needed kick in the ass to many businesses that have become complacent about the data security. All the businesses dealing with data about EU citizens (in and out of EU) needs to comply with this regulation by 2018 May. It is the successor to the previous regulation data protection directive which was introduced in 1995.

Even though this is a regulation, it has many useful things which any business can use for their benefit.

Forcing awareness about entire data web

  • Business leaders are forced to understand their data landscape no matter if your company is a small company or a large multi national company with subsidiaries and 100s of partners. All the incoming and outgoing data must be well understood. 
  • If the business has subsidiaries and partners, the entire data web needs to be well understood. 

Demanding knowledge of data sources and origin countries

  • Every data source (Partners, Customers, Subsidiaries) feeding data into the organization must be vetted and documented.
  • GDPR is the first global data protection law
  • Applies to any business which process data about EU citizens

Advising data minimization

  • Companies must state a planned use for all the personal data they obtain. Recommend to use data which is absolutely necessary. No additional data to be used for future.
  • Not holding data for any longer than absolutely necessary
  • Not changing the original purpose of the data capture
  • Deleting any data at the request of the data subject (customer)

Spotlighting data sharing

  • Data in transit needs to be properly secured.
  • Businesses must be able to document appropriate security measures for every step in data's life cycle

Acquiring consent

  • Requires clear, affirmative consent of use for personal information of EU citizens. 
  • Lack of response is not considered automatic consent

Breach monitoring and response

  • Breach notifications needs to sent within 72 hours of breach detection
  • Breach policies needs to be carefully setup with partners and well documented
Even though this looks like something annoying for a business, it really has some good things which can be gained for every company. This regulation provides the careful design of your business data and avoid keeping unnecessary data within your organization and hence reducing the operational expenditure.

In addition to the above mentioned points, following link provides a list of major changes which are coming with the GDPR.

https://www.eugdpr.org/key-changes.html


Labels:

Comments

  1. GDPR ConsultantsAugust 1, 2019 at 3:29 AM

    nice post you have shared thanks for sharing. Here i have found a origination where you can consults about GDPR and Web Services and they will clear you all dout about GDPR.

    ReplyDelete
  2. GDPR ConsultantsDecember 10, 2019 at 3:53 AM

    Thanks for sharing this information with us we are GDPR Consultant in India where we are single focused towards our clients and there business strategic objectives and we can provide regular and independent audit services regarding GDPR compliance.For more details call us:- +91 9968416366

    ReplyDelete

Post a Comment

Popular posts from this blog

WSO2 ESB tuning performance with threads

I have written several blog posts explaining the internal behavior of the ESB and the threads created inside ESB. With this post, I am talking about the effect of threads in the WSO2 ESB and how to tune up threads for optimal performance. You can refer [1] and [2] to understand the threads created within the ESB. [1] http://soatutorials.blogspot.com/2015/05/understanding-threads-created-in-wso2.html [2] http://wso2.com/library/articles/2012/03/importance-performance-wso2-esb-handles-nonobvious/ Within this blog post, I am discussing about the "worker threads" which are used for processing the data within the WSO2 ESB. There are 2 types of worker threads created when you start sending the requests to the server 1) Server Worker/Client Worker Threads 2) Mediator Worker (Synapse-Worker) Threads Server Worker/Client Worker Threads These set of threads will be used to process all the requests/responses coming to the ESB server. ServerWorker Threads will be used to pr
4 comments
Read more

How puppet works in your IT infrstructure

What is Puppet? Puppet is IT automation software that helps system administrators manage infrastructure throughout its lifecycle, from provisioning and configuration to orchestration and reporting. Using Puppet, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, scaling from 10s of servers to 1000s, on-premise or in the cloud. How the puppet works? It works like this..Puppet agent is a daemon that runs on all the client servers(the servers where you require some configuration, or the servers which are going to be managed using puppet.) All the clients which are to be managed will have puppet agent installed on them, and are called nodes in puppet. Puppet Master: This machine contains all the configuration for different hosts. Puppet master will run as a daemon on this master server. Puppet Agent: This is the daemon that will run on all the servers, which are to be managed using p
7 comments
Read more

How to configure timeouts in WSO2 ESB to get rid of client timeout errors

WSO2 ESB has defined some configuration parameters which controls the timeout of a particular request which is going out of ESB. In a particular  scneario, your client sends a request to ESB, and then ESB sends a request to another endpoint to serve the request. CLIENT->WSO2 ESB->BACKEND The reason for clients getting timeout is that ESB timeout is larger than client's timeout. This can be solved by either increasing the timeout at client side or by decreasing the timeout in ESB side. In any of the case, you can control the timeout in ESB using the below properties. 1) Global timeout defined in synapse.properties (ESB_HOME\repository\conf\) file. This will decide the maximum time that a callback is waiting in the ESB for a response for a particular request. If ESB does not get any response from Back End, it will drop the message and clears out the call back. This is a global level parameter which affects all the endpoints configured in ESB. synapse.global_timeout_inte
3 comments
Read more