10 Informative GDPR Articles Compliance-Seekers Must Read
Europe’s upcoming General Data Protection Regulation (GDPR) will have a widespread impact on companies that operate in virtually every corner of the globe. As a result, there is a seemingly endless amount of information regarding the new data privacy framework available on the web. This material is scattered across a wide array of websites, journals, papers, and articles. It’s true too that a multitude of opinions and outlandish claims continue to cloud already-muddied water, making the task of sifting through it all to find the most relevant, helpful, and vital information a daunting task.
With this in mind, we’ve taken the time to scrub the web for the 10 most informative articles on GDPR to help you find the insights you need to avoid the pitfalls and ensure compliance. Aside from reading the regulation’s official text, familiarizing yourself with the concepts and directives in these helpful links is the next best thing.
Available in three languages, this brief historical overview and European data protection timeline is helpful when trying to understand how the regulation evolved over time. Authored by the EU’s independent data protection authority, the timeline begins all the way back in 1995 when the first data protection protocols were adopted to deal with the processing of personal data. On history, you should also read this post by the International Association of Privacy Professionals.
A complete guide to what every company that does business in Europe needs to know, authored by CSO’s Senior Editor Michael Nadeau. The article provides a basic definition of the new law, the specific companies it may impact, who will be responsible for maintaining compliance, which requirements are most prominent, and examples of what a successful GDPR project may look like. Readers are also encouraged to read CSO’s GDPR preparation guidelines.
Part of a series by activity monitoring and risk management solution provider Imperva, this post covers what happens when an organization is not in compliance with the new regulation. GDPR gives new power to data protection authorities, which means that fines can be applied for non-compliance. The article explains how fines are calculated and dives into the language used inside the legislation for an even closer examination.
This article was authored for CIO Dive by Arlo Gilbert, CEO and co-founder of Meta SaaS, a cloud-based license management and analytics solution provider. It provides six necessary steps every organization needs to take in order to identify whether or not it is at risk. This includes taking a deeper look at who should handle data protection and governance, and assessing the current state of your data architecture to uncover where holes may be hiding.
This post was written by Clint Boulton, a Senior Writer at CIO. It cites PwC research that says American CIOs are allocating millions of budget dollars to prepare for GDPR. The financial burden is large, even on US-based global corporations with considerable resources. Obtaining or maintaining compliance figures to be an expensive task, both in terms of money and of technical or personnel expenditure. This is an important read if you’re in the process of weighing your options.
A Data Protection Officer is an enterprise security leadership role that will be required by the GDPR. This role is responsible for leading the overarching data protection strategy inside an organization as it relates to compliance with the new regulation. Digital Guardian editor Nate Lord defines the role, outlines its responsibilities and requirements, and recommends some best practices for hiring.
Article 17 of the GDPR gives European citizens the right to request erasure, or the “right to be forgotten.” The individual is effectively requesting that you erase the entirety of their personal information. Scality’s Chief Marketing Officer Paul Turner explains that in this scenario the law will require erasure not only from every one of your business systems, but also from the systems of other organizations with which you may have shared the information. It’s all very complex, but the post does an excellent job of outlining this new measure. Here’s more on erasure rights from the Information Commissioner’s Office.
Organizations are subject to obligations based on whether they are classified as a controller or a processor in connection with the data subjects’ personal data. This post, authored by Sheila Jambekar of Twilio, outlines some key legal clarifications included in the GDPR pertaining to data subjects, controllers, and processors. The three are subject to different rules, so it’s important both to differentiate them and to be sure which camp your organization belongs to.
WIRED UK’s acting Commissioning Editor Matt Burgess authors what we see as the best UK-centric GDPR overview out there right now. This need-to-know guide explains what the regulatory changes may mean for you. The piece features a summary of the new law, an outline of existing law, how accountability and compliance work, and a brief on fines for non-compliance.
According to London-based independent GDPR analyst Chiara Rustici, the regulation will still apply to UK companies that do business within the borders of the European Union. Since the regulation applies to any business that collects data from citizens of the EU, Brexit figures to have only a minor impact on UK-based organizations. We also recommend checking out ComputerWeekly’s Essential Guide to GDPR.
None of the information included in this article is to be considered legal advice and is for educational purposes only.