Following a three-month delay due to coronavirus – and more than seven years after its enactment – the Protection of Personal Information (POPI) Act has finally come into force.Continue reading
With a month to go until one of the biggest legislation changes in Europe in the past two decades, many organisations are hard at work implementing processes and policies to become compliant. While the regulation has been years in the making, many have only realised the extent of its effect in the past 12 months. The GDPR has for many been seen as a negative and time-consuming change, however for organisations who deal with customers and suppliers on a daily basis the regulation can present a significant opportunity.
The primary objectives of the General Data Protection Regulation are to strengthen the way data is protected by organisations and ensure use of data is lawful and authorised. Data has fast become an asset to organisations and with data subjects often feeling the worst of the effects when a breach occurs, the regulation will give subjects greater rights and ensure organisations are held to account should a breach occur. Treating data as an asset emphasises the need for protection and organisations who implement the GDPR correctly will feel the benefits of knowing that all their data is securely protected and fit for use.
Data subjects have become a huge focus under the GDPR with articles of the regulation specifically relating to how a data subjects data is treated. One such area under the regulation which has seen a large amount of focus is consent as legitimate grounds for processing data. While some organisations see this a near impossible task there are other grounds for processing data. Organisations who data subjects have given consent to will also have a better relationship and this will likely aid the process of communication and the likelihood of the subject becoming or remaining a customer.
The Right to Erasure is another area implemented under the regulation to give data subjects better protection. This right essentially states that data subjects have the right to request that an organisation removes their data and no longer processes it; in a landmark case, Google recently lost a court case that ruled it must remove a subjects data from its searches. Having the ability to serve these requests will give data subjects added peace of mind and will enhance an organisations reputation.
For organisations, giving customers and partners alike the confidence that the GDPR is being complied with will strengthen relationships and improve how organisations work together. Data breaches have been making news regularly in 2018 and this often leads to reputational damage. The GDPR will ensure that all organisations report more accurately on data breaches and it could be expected that further headlines will follow. Following the GDPR will reduce the chance of a data breach occurring and put organisations in good standing when the breach is investigated by the relevant supervisory authority.
With not long to go until the regulation takes full effect any organisation that is yet to start their GDPR preparations has a long way to go. It is vital to work with suppliers, vendors and partners who can help you become and stay compliant, the regulation is not as simple as being able to tick a box stating compliance, it is an ongoing requirement. Suppliers and vendors must understand the regulation so that they can comply having taken ‘technical and organisational measures’.
Redstor have specialised in helping organisations comply with data protection regulations for 20-years. The GDPR represents a significant change from the Data Protection Act but as an organisation committed to the protection of data Redstor have embraced this opportunity to educate customers and partners and assist them with compliance. To learn more about the GDPR and understand how Redstor can help you comply, you can read the latest GDPR whitepaper here.