{"id":71294,"date":"2017-07-20T06:05:12","date_gmt":"2017-07-20T10:05:12","guid":{"rendered":"https:\/\/www.spadetechnology.com\/the-7-things-you-need-to-know-about-gdpr-data-compliance\/"},"modified":"2023-03-29T13:42:59","modified_gmt":"2023-03-29T13:42:59","slug":"the-7-things-you-need-to-know-about-gdpr-data-compliance","status":"publish","type":"post","link":"https:\/\/www.spadetechnology.com\/the-7-things-you-need-to-know-about-gdpr-data-compliance\/","title":{"rendered":"The 7 Things You Need to Know About GDPR Data Compliance"},"content":{"rendered":"

The GDPR brings a new set of data regulations: Here’s what to know and whether you need to do anything.

Over the past several months, conversations have arisen concerning the new GDPR, or General Data Protection Regulation, created by the EU. It’s quickly moving from a casual bit of IT news to an important issue for companies creating long-term data strategies: In other words, it’s time to make some decisions about this new regulation. To help out, here’s what you need to know about the GDPR and why you should consider a response.

1. The GDPR Is More Far-Reaching Than You May Expect

Yes, the GDPR is an official EU standard, and it does not apply outside of the EU. However, this gives it a lot more reach than you might expect. Yes, it’s a European “regulation” (which is somewhat behind a “directive” but still very important), but it’s one that applies to the data of all EU citizens (including pre-Brexit Britain). That means if you have any customers, partners, or supply chain links in the EU (or want some in the future), you need to be aware of what the GDPR requires and of whom.

That’s part of the intent of the legislation: It’s designed to encourage data privacy and security practices among businesses across the world that want to deal with EU customers. And unless your company is highly separated into divisions, it’s also a good opportunity to update your data systems for all customers. On the downside, this may mean that it is no longer feasible to use data in the same ways that you did in the past. On the upside, the GDPR is broadly considered a win for customer privacy.

2. Controllers and Processors Are Targeted

The language of the GDPR makes it clear that “controllers” and “processors” are required to follow the new regulation. So what does that mean? Well, a controller is any entity that’s making decisions about what data is collected and how that data is used. A processor is any organization directly involved in collecting, storing, and transferring that data. Sometimes the controller and processor are the same organization, and sometimes one is just using the services of the other. Both must follow the GDPR.

3. “Personal Data” Is a Key Phrase

Most of the GDPR is focused on protecting what it calls personal data – so naturally, everyone is curious about exactly what personal data means. The definition can change over time, and in fact one purpose of the GDPR was to expand that definition so that more types of data are protected. Under this regulation, personal data includes basic identification and contact information, but also IP addresses, economic data, health data, and cultural data – basically, anything that’s been collected about a specific person.

There are different ways of making personal data more or less anonymous by collecting it in aggregate or limiting how it is collected. The GDPR has more specific regulations for these cases, but basically, if the data can be traced back to an individual, there’s a good chance that the rules will apply.

4. The Heart of the GDPR Is Lawful Use and Consent

All right, so now we have covered personal data: What are companies supposed to do with it to meet the GDPR? There are several restrictions that businesses must follow: