Contact Us

Contact Us



Pleas confirm by checkbox


Uncategorized

How to prepare for GDPR Compliance

Author_img
By Talentica Software May 21, 2018

What is GDPR?

General Data Protection Regulation (GDPR) requires businesses to protect the personal data of European Union (EU) countries’ citizens. Organizations that collect and/or process data from the EU region must comply with the regulation by May 25, 2018.

What data are we talking about?

GDPR is here to protect the privacy of Personally Identifiable Information (PII) such as:

  • Name and address of a user
  • Web information like location, IP address, cookie data
  • Biometrics
  • Political opinions
  • Device IDs like IDFA, AAID

Who is affected?

All organizations that store or process personal information about EU citizens (no matter where on the globe they are). In fact, this is valid even if they do not have a business presence within the EU must comply with GDPR.

What if an organization is not GDPR compliant?

If any organization is not GDPR compliant by May 25, 2018, then the regulation attracts a penalty of up to €20 million or 4% of your global annual turnover, whichever is higher.

How do you prepare for GDPR?

The following checklist can help you comply with GDPR:

  • Identify if your customer’s product deals with EU data.
    NOTE: The common approach that most businesses are taking across industries is to proactively reach out to their entire user base and ask for their users’ explicit consent. That is a much easier and the most recommended thing to do. But, if for some reason this is detrimental to your business directly or indirectly, identify your available data.
  • If EU data is involved, identify the parameters involved. For example device IDs, email IDs, IP address.
  • Assess whether the data is really required for business. If the data is not required, immediately delete all such data and update your product to stop receiving such information.
  • If any data is essential, find a way to replace the data. For example, replace essential PII data with unique tokens or encrypt the data such that the token or encryption that no one can reverse to identify the person.
  • If you have been storing any PII data, update the data retrospectively.
  • Ensure GDPR compliance of all the entities involved in your business workflow.
  • In case of data breach, notify your data regulators within 72 hours of the breach.
  • Have a provision in your product to facilitate easy capturing of user preferences. This lets the user decide if they want to know the information your product captures, how is it used, and if they want your product to delete or restrict the processing of their information.

What has Talentica done for GDPR compliance?

We understand that our customers are from both B2B and B2C scenarios. It is important for us to create tools or techniques for our customers to achieve GDPR compliance. We have been working to ensure all our customers are GDPR compliant.

Production-deployed customers:

For customers whose products are already in production, we perform the following:

  • Record Consent: Before storing any personal user data, we seek the user’s consent via consent forms and APIs.
  • Compliance Audit: We identify whether any users are in the EU region and whether they have provided consent for data sharing.
  • Consent Record Logs: We store an audit trail of when, where and how the consent was given. The logs include the link, text and a screenshot of the consent form.
  • Data Pseudonymization: We associate unique pseudo tokens for key personal identifiers like email, name and contact information so that there is no direct association with any personal information.
  • Data Encryption: As an alternative to data psedonymization, we encrypt all the personal information. Moreover, encryption also helps in unfortunate situations like data breach or hacks and we cannot use that to re-identify a person.
  • Data Export: Our customers’ users can request an export of all data related to them. We notify customers about such requests and extract the required information securely.
  • Data Deletion: If any of our customer’s users ask for their data be forgotten, we purge the related data. We also disassociate any data pseudonymization for that user.
    NOTE: GDPR Law states that you should finish processing such requests within 45 days.
  • Thirdparty Compliance: We ensure our customers’ third-party integrations providers are GDPR compliant and they send us their user’s consent forms. If not, we urge them to comply with GDPR. If nothing works, we disassociate ourselves from such providers.

Infrastructure management:

For customers whose infrastructure we maintain, we perform the following:

  • Network Isolation: We isolate the infrastructure for EU users on the basis of the GDPR guidelines and setup the servers in EU region itself.

Conclusion

GDPR is unavoidable for anyone working with data about EU citizens. Taking care of this personal data is a responsibility that we share with our customers. A lot of the tools described here are also good practices that we should all be following irrespective of GDPR. By taking good measures, we can all ensure that our customer’s data privacy is fool-proof.

References

Related posts
VPC Sharing Using AWS RAM (Resource Access Manager)
Uncategorized

VPC Sharing Using AWS RAM (Resource Access Manager)

By shekhar.wagh June 18, 2019
Reduce App size with On Demand Resources
Uncategorized

Reduce App size with On Demand Resources

By shekhar.wagh May 29, 2019
iMessage Stickers and Apps
Uncategorized

iMessage Stickers and Apps

By shekhar.wagh May 27, 2019
What is UX Writing?
Uncategorized

What is UX Writing?

By shekhar.wagh April 08, 2019
AWS ECS (Amazon Elastic Container Service )
Uncategorized

AWS ECS (Amazon Elastic Container Service )

By shekhar.wagh March 26, 2019
Scala code analysis and coverage report on Sonarqube using SBT
Uncategorized

Scala code analysis and coverage report on Sonarqube using SBT

By shekhar.wagh March 19, 2019
Introduction to Akka Streams
Uncategorized

Introduction to Akka Streams

By shekhar.wagh March 08, 2019
Decentralized Applications - Utilizing the Power of Blockchain Technology
Uncategorized

Decentralized Applications - Utilizing the Power of Blockchain Technology

By shekhar.wagh March 05, 2019
App Store Connect API To Automate TestFlight Workflow
Uncategorized

App Store Connect API To Automate TestFlight Workflow

By shekhar.wagh February 28, 2019
Using Custom Metrics for CloudWatch Monitoring
Uncategorized

Using Custom Metrics for CloudWatch Monitoring

By shekhar.wagh February 06, 2019

Stay updated

Get the latest creative news from Fubiz about art, design and pop-culture.