The European Union’s General Data Protection Regulation (GDPR) comes into force on May 25. You may ask yourself, why should I be worried about this regulation if I am overseas?
Well, if you are doing business with any European individual and keeping their information on your systems, which are overseas, then you should be worried about this regulation. Just keep reading.
GDPR dictates how to collect, store, process and share personal data, so there is a lot to think about.
But what is personal data? Well, for GDPR ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples are: IP address, mobile number, name, address, etc.
What do you need to do? Basically, you have to run the same exercise you ran or are running for the Mandatory Data Breach Notification, which comes into effect in Australia next month.
In general, what you have to do is identify where personal information is stored in your systems, how you manage it, how you protect it and what steps you have to take to report a breach.
Contact our consultant team if you need assistance with any of these steps. We are here to help.
Until next Monday Malware. Be safe out there.