We live in an era where Apple is not just something to eat, birds are not the only ones who tweet, and Amazon is not just a rainforest. We are the #hashtag generation, whose personality and opinions are not only expressed by word of mouth but also posted in digital tabloids. The internet has made the whole world an audience and given us a platform that no other generation saw, or even imagined, just twenty to twenty-five years back. We are truly blessed that distance is no longer a major factor in getting to know each other, staying in touch with our close ones, or paying for services and goods received from far off. Revolutionary data services have made video calls cheap, money transfers faster and shopping from home easy. ‘Data’ rules in making all this possible, and hence power lies with the people and organizations who are data driven.
Here I want to emphasize one of my favourite lines from the movie Spiderman – ‘With Great Power comes Great Responsibility’! Or let me tweak it to fit the context of this article – ‘With huge data comes GDPR’!
Yes, this article is about a word that is trending in town – ‘General Data Protection Regulations’, or in short #GDPR, intended for European Union citizens. In my list of questions, ‘Why’ has first priority on any topic, because it determines how important the topic is. So the big question is ‘Why is GDPR so important?’ Well, part of the answer is already there: data is power. And like every power, it can be misused, and here that concerns the protection of human rights. As digital platforms provide a huge advantage for ‘freedom of opinion and expression’, the right that is under threat is ‘privacy’. Strengthening and unifying data protection for all individuals within the European Union is the core motive of GDPR. That is a fundamental concern, the first of its kind, which we face because of the major technological advances made in the last few decades. Although there is a ‘data protection directive’, which was passed in 1995, it will be replaced by GDPR in the coming year, on 25 May 2018. The main observation here is that ‘a directive will be replaced by a regulation’. Directives lay down certain results that must be achieved, but each Member State is free to decide how to transpose directives into national law, whereas Regulations have binding legal force throughout every Member State and enter into force on a set date in all the Member States.
Rights to empower
Multiple rights have been introduced in this regulation to empower the individual, to name a few – ‘Right of access’, ‘Right to rectification’, ‘Right to erasure’, ‘Right to data portability’. Apart from catering to these, all organizations (controllers and processors) are accountable for many obligations, among them ‘Data protection by design and by default’, ‘Data protection impact assessment’ and ‘Position of Data Protection Officer’. And the consequences of not complying with the regulation are pretty hefty! Fines of up to 20 million Euros or 4% of worldwide annual turnover, along with loss of brand reputation and trust. So here you go, it is freaking important for every organization that holds personal data of European Union citizens! Convinced by the ‘Why’?
Much has been said about GDPR, and the regulation itself is quite extensive, comprising 99 articles. If you are interested in reading the regulation in detail, I have added the link below as a reference. So I am not going to get into the ‘What’ (i.e. ‘What is the content of GDPR?’); rather, I would like to say something about the ‘How’. The next big question – ‘How to get ready for GDPR?’
How to get ready for GDPR?
It is easy to imagine that the breadth of the regulation is a concern for most organizations, as it covers so many facets. It talks about privacy impact assessments, consent management, access privileges, data governance and what not! On top of that, in case of a data breach there are specific actions to be taken promptly, or else the controller/processor ends up in the bad books of the supervisory authority.
We, at Capgemini, are aware of the complexities the market is going to face, and hence we have equipped ourselves specifically for GDPR. Thanks to the variety of our consulting services and our experience in all these topics, we are among the few to offer a GDPR catalogue of services that will help controllers/processors comply with the regulation. We call this one-stop-shop offering ‘GDPR building blocks’, comprising nine fundamental blocks. Here is an overview of it:
We would be more than happy to deep dive into the individual services, so please reach out to us.
Our Single point of contact for GDPR offerings: Erwin.firstname.lastname@example.org
Along with these blocks, we have multiple partnerships with product vendors like IBM, SAS and many more, so we can also help you select an appropriate technology for your GDPR roadmap.
I hope the ‘How’ is promising because it’s time to seriously #mindthegap!
Good luck with GDPR,
- Link to EU GDPR