GDPR Compliance explained
The General Data Protection Regulation is a European Union (EU) initiative which comes into effect in May 2018. It is being put in place to strengthen individuals’ data protection and also to regulate the export of personal data outside of the EU.
Ultimately the regulation aims to give private citizens much better control over any personal data that any company holds about them. At the same time the regulation aims to bring together one consistent set of protection and privacy rules that are in sync across the EU and beyond.
Even though GDPR compliance is governed by the EU, it remains relevant in Asia as well. Asia-based entities that are subsidiaries of European companies are affected, as are any Asian companies that target or sell to European consumers and customers.
Companies in Asia that fall into this category will need to be GDPR compliant or face the risk of significant fines of up to 20 million euros or 4% of their global revenue.
The major focus areas of GDPR compliance are as follows:
Data must be kept secure – that means encrypted, protected and backed up.
Individuals must have the right to deletion or amendment – this means any individual must be able to request changes to, or deletion of, the personal data that is held about them, with an auditable trail to show that the requests are executed.
Risk contingency and planning – organisations are required to implement, test and maintain plans that assess and mitigate the risk of data theft or corruption.
Breach notification – organisations are expected to maintain thorough and transparent processes for alerting local authorities in the event they suffer a data breach or corruption.
These are the high-level areas for consideration. The complexity varies on a case-by-case basis; however, the detailed analysis and research required for large companies to become completely GDPR compliant is non-trivial and may require the assistance and consultancy of experts in this field.