What is the GDPR, really?
It’s left, right and center and, according to everyone in the Business Intelligence industry, it should be your number one priority. Of course, we are talking about the impending General Data Protection Regulation (or GDPR for those that don’t have 5 minutes to spare spelling it out). And while we are being bombarded with information via our screens, it’s still not entirely clear what changes we can expect. So, we wanted to take the time to break down all of the individual elements of the GDPR and give it to you straight. Without further ado, let us answer the question “What is the GDPR?” for individuals and organizations alike.
Let’s look at all of the elements
Broadly speaking, the GDPR concerns the privacy rights of data subjects, i.e. individuals. Its introduction will see a huge increase in the regulations surrounding personal data, with the goal of giving back ownership to individuals. So, before we begin, let us define personal data. Personal data is any information related to a natural person.
The right to be forgotten
Let’s begin with the term that has arguably been making the rounds the most: “The right to be forgotten”. And, although it might sound quite straightforward, let’s elaborate. It refers to every individual’s right to remove their own personal data from organizations’ databases.
For example, if you are a customer with company X (or have been in the past), this company has information stored about you. It will, with the introduction of the GDPR, be possible for you to request that company X remove all of this. And while it is often useful for organizations to have a certain amount of information about you, the right to be forgotten will allow you to remove information if, for instance, you are no longer a customer or if there has been some sort of malpractice. Basically, you will officially have ownership of your own personal data.
As a result of having ownership of your own personal data, you will also be able to transfer your data as you see fit. For example, if you are switching music provider, you will be able to ask your old provider to transfer all of your personal data to your new provider. This will make it a lot easier for customers to take advantage of the storage of their own data and will make it significantly easier to switch provider.
Right to access
Alright, so we have discussed some of the additional rights that individuals, or data subjects, will have as a result of the introduction of the GDPR. However, what does this mean for organizations? Well, it means that organizations will need to be able to identify and isolate where their data is stored and which data subject it belongs to.
Furthermore, the right to access describes the data subject’s right to access their data and to find out where it is stored within the organization in question, as well as who has access to it currently and who has accessed it in the past. It thereby becomes even more important for companies and institutions to know exactly what data they are sitting on and to be able to retrieve this upon request.
In line with what has been described, it will also become mandatory for organizations to clearly and concisely ask for a data subject’s consent prior to storing their data. Additionally, the same terms should be applied with regard to withdrawing consent.
Privacy by design
The GDPR will also introduce the “Data Protection by Design and by Default” clause. This addresses the need to design new systems with privacy at the core, rather than as an addition. For a lot of companies, this will mean that their current systems need to be heavily restructured.
Additionally, organizations will also be required to notify DPAs, consumers, and controllers of any breach that may “result in a risk for the rights and freedoms of individuals” within 72 hours of discovery. If data security is ever jeopardized, the organization is further required to perform a risk assessment as a means of containing the problem.
Data protection officers
On the bureaucratic side of “What is the GDPR?”, we will also see that public authorities and organizations with more than 250 employees will need to hire a qualified officer to oversee the handling of personal data.
Here are some additional resources for you
Let’s be honest, reading text is not the most thrilling way to take in new information. So we have a couple of videos that we would like to recommend to you.
First of all, Carl Gottlieb presented a fabulous run-through of the GDPR at SteelCon in July 2017, titled “Let’s Cut The Crap On GDPR”. It’s brutally straightforward and an enjoyable watch!
However, if you feel that you’d rather speed up the learning process, “GDPR – Simply Explained in 3 Minutes” might be more up your alley.
Let NodeGraph help you get ready for the GDPR
Finally, now that you (hopefully) have an answer to “What is the GDPR?”, you might feel slightly overwhelmed as to what is expected of you. From an organizational standpoint, that is. But don’t worry too much, we are more than willing to help. Our developers here at NodeGraph are currently working hard to provide you with a GDPR module that will help you get your Qlik Solution ready. For more information, give our video a watch or get in touch!