What Does It Really Mean?
(What types of business in Canada are subject to GDPR? Resource: Deloitte Canada)
This regulation is a response to growing concern about data privacy. Most people today are comfortable handing over personal information such as identification numbers and credit card details, trusting that the business on the other end will handle it responsibly. In reality, before the GDPR there was comparatively little regulation of what could actually happen to that data, or of who would be accountable if it was breached. The GDPR puts that responsibility squarely on the businesses that collect and process the data, which should encourage them to take consumer privacy and data security seriously.
Is it Enough?
Part of the GDPR is holding businesses accountable for how they knowingly use your data to their own benefit. However, the regulation only requires "appropriate" technical and organizational security measures and leaves it to each business to decide what that means in practice. Businesses with data worth protecting therefore need to take proactive steps to secure it, not just to justify how they use it. At Packetlabs, our security experts identify your organization's weaknesses and vulnerabilities and work with you to solve cybersecurity problems before they become a crisis.
Is Your Business Compliant?
If you hold or process personal data about individuals in the European Union, for example because you sell to them, communicate with them, or track their online behaviour, you are subject to the GDPR regardless of where your business is located.
“GDPR will change the privacy law landscape for any Canadian organization that deals with the personal information of European Union citizens.”
Dean Dolan, Baker & McKenzie LLP
Here are some ideas on how to audit your compliance:
- Document your data flow (how you collect customer information, how you record chat history and transaction information, how you process the data, where you store it, and who has access to it).
- Audit and clean up outdated personal data – keep personal data only for as long as you have a documented purpose for it, then delete it.
- Do NOT keep out-of-date personal data belonging to your employees or customers.
- Secure your IT infrastructure and servers – make sure your IT department follows security best practices in its daily work. An independent assessment by a professional is the most reliable way to confirm that your infrastructure is actually solid.
- Safeguard your digital platforms or cloud apps consistently.
- Train staff on how to manage private data properly, such as dealing with sensitive information, reacting to a data breach, managing requests to erase personal data, etc.
- Update employment contracts – add GDPR-related obligations to your contracts for freelancers, contractors, suppliers and full-time employees.
- Appoint a Data Protection Officer – the GDPR requires a DPO if your core activities involve regular, systematic, large-scale monitoring of individuals or large-scale processing of special categories of data (the 250-employee threshold in the GDPR relates to record-keeping obligations, not to the DPO requirement). Even where it is not mandatory, appointing one is a sensible step if personal data is a big part of your day-to-day operations.
- Consult a law firm or an external IT security consulting company to confirm you have done everything above, and more, to protect your assets and consumer data.
Are you confident in your website’s security and GDPR compliance? Contact us for a free consultation today!