This is the first post in our series about the General Data Protection Regulation (GDPR), the most comprehensive data protection law of the last few decades.
You've probably heard about the GDPR by now, but maybe you are a little unsure exactly what it is and are asking yourself whether it applies to your business. Is it something you should be worried about?
Our blog series will answer these questions and support you in the coming months, during the journey towards GDPR compliance. We'll provide a clear breakdown of the rules and demystify the more technical aspects of what may be required of your business.
The GDPR will come into effect on 25th May 2018, changing the way businesses process and handle data. As the last data protection law dates back to the 90s and digital data consumption has heavily increased since then, the GDPR represents a necessary step in responding to the growing concern about data security.
The core concept of the GDPR is to give individuals increased control over their personal data. This means companies will need to guarantee certain rights to citizens and promptly respond to the new types of requests they will receive.
The 99 articles of the GDPR can sound scary to most businesses, but we cannot ignore the positive changes this will introduce. In fact, thanks to the law, businesses that are able to actively respond to customers' concerns about data security will gain more trust. In addition, the new law will stimulate increased collaboration between companies, since a joint effort between data controllers and data processors will be vital for compliance.
What is Considered Personal Data?
Before looking into the core principles of the GDPR in more depth, it is important to define what the law considers as personal data.
The GDPR extends the concept of personal data and defines it as any information relating to an identifiable person. This definition includes both direct and indirect identification and factors specific to “physical, physiological, mental, economic, cultural and social identity” [1].
This means that personal data also include online identifiers. Therefore, IP addresses, device IDs or cookie identifiers will be protected by the law, since, combined with other information, they may be used to recognise natural persons.
So, in other words, if you hold information that can be linked to an individual person in any way, you need to take notice of the GDPR.
In our next blog post we will go through the key points of the GDPR and the consequences this will have on businesses.
[1] http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf
Claimable is helping our customers comply with the GDPR and, as a data processor, we are committed to full GDPR compliance by May 2018.