“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.”
Privacy, and greater control by individuals over data about themselves, is at the very core of GDPR. (Strictly, the regulation protects anyone in the EU whose personal data is processed, regardless of citizenship; this page follows the common shorthand of “EU citizens.”) Accordingly, you can expect Privacy by Design and Privacy by Default to be critical components of any system or service an organization builds that processes or stores data of EU citizens.
Here are the highlights of Privacy by Design and Privacy by Default as GDPR (Article 25, “Data protection by design and by default”) defines them:
Privacy by Design: When a new system or service is being developed that will process or store data of EU citizens, the organization must be able to show that:
1) Appropriate technical and organizational security measures (the regulation names pseudonymization as one example) are in place to protect the data and to implement the data-protection principles, such as data minimization, in the design itself
2) Those measures are applied both when the means of processing are decided and throughout the lifetime of the processing, so compliance with GDPR is monitored across the whole lifecycle of the system or service, not checked once at launch
Privacy by Default: The most privacy-protective settings are in effect from the start, without the user having to change anything, and only the personal data necessary for each specific purpose is processed. For example, if a citizen of the EU signs up for an online service that requires an address, email address and phone number, those pieces of data must be kept private by default; making them visible to other users must require the individual’s own action. GDPR specifically requires that, by default, personal data is not made accessible to an indefinite number of people without the individual’s intervention.
Unfortunately, GDPR does not provide much in the way of specifics about how to meet these requirements. However, we can help. Contact us today if GDPR compliance is going to affect your organization and we will assist with preparing it to achieve compliance before the regulation takes effect on May 25, 2018.