Examples of GDPR Compliance
Privacy and data security are not only subjects for IT specialists. With the arrival of the EU’s GDPR, marketers, sales reps, HR personnel and managers are also involved, as they play an active role in how personal data is obtained and processed.
As you work towards compliance, you will need to know about the tools and practices that support it. More importantly, you will need to understand this legislation in clear and simple language.
In this article, you will learn what the GDPR is about, when and why you need to consider it, and some examples of how to effectively achieve compliance.
So, let’s start with the basic question:
What is the GDPR
The General Data Protection Regulation (GDPR) is a new regulation dealing with data privacy that applies to all businesses dealing with European Union citizens. Because it is a regulation, it is legally binding, and non-compliance can be heavily penalized.
This regulation aims to give individuals more control over how their data is held and used by organizations. It is based on four main rights that any EU citizen has.
What rights are considered
Several rights are considered. The most important ones are:
- Right of Access: businesses are required to provide data subjects with a copy of their processed personal data upon request, in particular if the information refers to a minor.
- Right to Rectification: businesses are required to rectify any inaccurate personal information without undue delay, including the completion of incomplete data.
- Right to Erasure: businesses are required to erase personal data upon request from the data subjects, unless there are overriding legitimate grounds for not doing so.
- Right to Data Portability: businesses are required to send personal data to any other source upon request from the data subjects.
Who must comply
Legal compliance is based on the expanded territorial scope concept. According to it, there are two primary groups that must comply with the GDPR. They are:
- Firms located in the EU.
- Firms not located in the EU, if they offer free or paid goods or services to EU residents or monitor the behavior of EU residents.
When will enforcement take place
GDPR compliance is effective from May 25, 2018, so be ready!
How DBSync can help you to comply with the GDPR
DBSync is a tool that connects your applications and databases, creating a more dynamic and better integrated ecosystem. It assists your Data Protection Officers (DPOs) by automating many of their tasks, increasing efficiency and reducing errors, while keeping your business secure and cost-effective.
This tool can help you in both phases of GDPR compliance: preparation and maintenance. Here is how:
Phase 1: Preparing for compliance
You can start using DBSync during your preparation for compliance, when you perform an information audit that documents what personal information you hold and where it comes from. In this audit you basically want to identify all customers from the European Union.
This stage is very important, because it will define your GDPR compliance strategy. You have two strategy options: apply compliance mechanisms only to those customers who are from the EU, or to all your customers.
The decision will probably depend on the number of users from the EU: if there are only a few, it may be more economical to design your system with specific handling for them, such as opt-in/opt-out options for emails and newsletters, access to your GDPR policy, etc.
Otherwise, if the number of EU users is significant, you may choose to apply compliance mechanisms to all your customers. This alternative offers the benefit of ensuring sound personal data management for all your customers, who may appreciate this advantage.
It is in this important stage that DBSync comes in handy. Our app will help you to effectively map your data flows, with its easy-to-understand ETL processes that help you to track your GDPR data moving through connected apps, and thus straightforwardly identify your users’ origins.
Figure 1 – DBSync ETL processes are easy to define by the use of triggers and rules
Phase 2: Maintaining compliance
When it comes to keeping your GDPR compliance on track, DBSync is there to help you, thanks to its capacity to integrate apps from different vendors. For example, you can connect Salesforce, QuickBooks and many more.
Even more, you can synchronize your connection in such a manner that schemas and new fields created in the data source app are automatically replicated in the data destination system. Real-time integration can also be achieved via outbound messages, so that rectifications are made without delay, as required by Article 5 of the GDPR.
For example, if a client advises you that his or her surname has changed, or that he or she wants to opt out of a subscription, you only need to update the information in the main app, leaving the task in all other connected apps to DBSync.
Figure 2 – Logs and emails can serve as a legal proof
Additionally, DBSync keeps logs of all transactions, and gives you the option of sending notifications about transactions to selected parties. These invaluable features ensure that, for example, in case of litigation you can prove that the necessary changes were made and the correct people were notified. Article 30 of the GDPR is very clear in this regard, as it asks you to keep records of your processing activities.
DBSync also lets you create snapshots of selected data, which can then be worked on and re-inserted into your apps. This capacity is great when, for example, a client asks you to send his or her information to another party (Article 20: right to data portability), as you can create a specific and comprehensive data set according to your needs.
Where can you find more information
There are several sites with useful information. Among them:
- https://gdpr-info.eu/ where you can find the official information related to the GDPR.
- https://www.gdpreu.org/ has good web learning resources for the GDPR.
- https://ec.europa.eu/info/law/law-topic/data-protection_en also has good information related to personal data protection in the EU.
- http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN contains the English version of the GDPR.
Conclusion
The GDPR is a new regulation that any business dealing with EU residents must conform to. It is aimed at protecting EU citizens’ personal information. This protection is summarized in different rights, such as the rights of access, rectification, erasure and data portability. Enforcement will take place in May 2018.
The difficulties presented by this legislation can be mitigated by using the correct tools, among which DBSync stands out for its efficiency and ease of use.
However, legal compliance is just one of the many benefits of DBSync’s tools. There are many more for you to explore. Ready to start? Go to the DBSync website (https://www.mydbsync.com/) where you can find useful information; or contact us, and we will gladly assist you and your business.