Effective as of May 25, 2018, the General Data Protection Regulation (GDPR) affects every citizen of the EU and has a profound impact on how companies worldwide record and manage data. In a video created by DataGrail, Anna Westfelt, Intellectual Property Associate at Gunderson Dettmer, details why comprehending and operating within GDPR proves essential to a business’s success.
GDPR fundamentally reshaped how U.S. companies collect and process personal data, and it’s crucial to understand how personal data is treated under this regulation. Personal data has become a broad term and, in the regulation, refers to a wide range of rights granted to individuals regarding their data. A data subject’s rights include access to their own data, the ability to correct inaccuracies and restrict the use of their data, and the right to be forgotten. With all these rights granted to EU citizens, it’s an absolute necessity for businesses to quickly access and manipulate data sets.
In conjunction with understanding GDPR, businesses must also recognize their role as either a controller or processor of a data set. Under GDPR, controllers and processors have different regulations to follow, and in certain cases, a business can be both the controller and the processor. The controller’s role is to determine the purposes and means of processing data, while a processor simply works with the data on behalf of the controller. Further, controllers primarily interface with data subjects and must respond promptly to requests from the subjects by providing necessary information and acting on the data. Then, processors assist the controller in deleting, manipulating, or sharing a subject’s data.
With GDPR, it’s critical to recognize that businesses need to provide a new service to data subjects and complete these requests in a timely manner. In turn, it’s imperative that controllers consider what requests will come through before they emerge, and ensure that their product/service complies with these requests. Under GDPR, companies are required to be responsive to data subjects — as defined by providing explanations for processes within 30 days — although successful businesses should do so in a much timelier manner.
In addition to manipulating data, controllers must also consider how their data subjects can exercise their right to access their personal data — possibly through a data subject dashboard. Finally, to act in compliance with GDPR, companies need to make information accessible to customers by stating their policies in a privacy notice.
GDPR is a comprehensive regulation and has transformed how businesses process and handle data. DataGrail assists companies in complying with regulations from both a legal and customer satisfaction perspective by providing a product that manages, automates, and gives customers access to data sets.
View the full video on Vimeo here