European Union Privacy Law Basics
Europe has been dealing with questions of privacy and data protection for decades. Now the European Union (EU) has introduced a comprehensive privacy law, the General Data Protection Regulation (GDPR). Under this law, if your business collects, stores, or uses personal information about European residents, the GDPR can have a significant impact on your business processes.
The Data Protection Directive was a European Union directive established in 1995 that regulated the processing of personal data within the European Union. It has now been replaced by the GDPR, which aims primarily to give citizens and residents control over their personal data. The GDPR was adopted on April 27, 2016, and became enforceable two years later, on 25 May 2018.
Some Key Terminology
- Data Subject: A natural person who can be identified, either directly or indirectly, for example by their name.
- Personal Data: Any information relating to a data subject, such as age, address, or phone number.
- Sensitive Personal Data: Personal data such as genetic or biometric data, for example a copy of fingerprints or a retinal scan.
- Processing: Any operation performed on personal data, such as storing, transferring, sharing, modifying, or deleting it.
- Controller: The entity that determines the purpose of processing the personal data.
- Processor: The entity that processes personal data on the instructions of the controller.
- Pseudonymous Data: Personal data that cannot be attributed to a specific data subject without additional information that is kept separately, with technical measures ensuring the data is not combined with that additional information.
- Anonymous Data: Data that can never be connected to an identified or identifiable person.
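The difference between pseudonymous and anonymous data is easier to see in code. The following is an added example written for this post, not code from the original article or from Salesforce. It pseudonymizes a small set of constructed records by replacing the direct identifiers (name and e-mail) with a keyed HMAC token, keeps the re-identification table and key as the separately stored "additional information", and contrasts that with an anonymized aggregate that drops per-person rows entirely and suppresses small groups. All record values, the key, and the function names (`pseudonymize`, `reidentify`, `anonymize`) are assumptions made for the example.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records for the example; these are not real people.
RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "age": 34, "city": "Berlin"},
    {"name": "Bob Example", "email": "bob@example.org", "age": 29, "city": "Paris"},
    {"name": "Alice Example", "email": "alice@example.org", "age": 34, "city": "Berlin"},
]

# Fields that identify a data subject directly.
DIRECT_IDENTIFIERS = ("name", "email")


def pseudonymize(records, key):
    """Replace direct identifiers with a keyed pseudonym.

    Returns (pseudonymous_records, reidentification_table). The table maps
    pseudonym -> original identifiers and, together with `key`, is the
    "additional information" the GDPR definition says must be stored
    separately from the pseudonymous records.
    """
    pseudonymous = []
    table = {}
    for rec in records:
        # The same person always gets the same pseudonym, so records about
        # one subject can still be linked for analysis without naming them.
        ident = "|".join(rec[f].strip().lower() for f in DIRECT_IDENTIFIERS)
        pseudonym = hmac.new(key, ident.encode(), hashlib.sha256).hexdigest()[:16]
        table[pseudonym] = {f: rec[f] for f in DIRECT_IDENTIFIERS}
        remaining = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        pseudonymous.append({"subject": pseudonym, **remaining})
    return pseudonymous, table


def reidentify(pseudo_record, table):
    """Recover the identifiers behind a pseudonymous record.

    Only whoever holds the separately stored table can do this; a holder of
    the records alone gets nothing back (None).
    """
    return table.get(pseudo_record["subject"])


def anonymize(records, attribute, min_group=2):
    """Aggregate counts per attribute value with no per-person rows.

    Groups smaller than `min_group` are suppressed so a single individual
    cannot be picked out of the aggregate; the output contains no identifiers
    and no pseudonyms, so there is nothing left to re-identify.
    """
    counts = Counter(rec[attribute] for rec in records)
    return {value: n for value, n in counts.items() if n >= min_group}


if __name__ == "__main__":
    # Constructed key; in practice it lives in a separate store from the data.
    key = b"constructed-example-key"
    pseudo, table = pseudonymize(RECORDS, key)
    for rec in pseudo:
        print(rec)
    print("re-identified:", reidentify(pseudo[1], table))
    print("anonymized by city:", anonymize(RECORDS, "city"))
```

Note that the pseudonymous records are still personal data under the GDPR, because the table (or the key) makes the subject identifiable again; the aggregate returned by `anonymize` is the only output here that no longer relates to an identifiable person.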
The GDPR enforces rules on how companies, governments, and other entities may process the personal data of data subjects who are in the EU.
Some of the key changes that the GDPR brings are as follows:
- A basis for data processing
- Compliance obligations
- Breach notification
- Data protection officer
- Use of processors
- Data subject rights
Some Key Principles Found In GDPR
- Fairness and Transparency
- Purpose Limitation
- Data Minimization
- Data Deletion
The GDPR grants data subjects a number of rights regarding how controllers handle their data:
- Data Access
- Right to Object
- Data Rectification
- Restriction of Processing
- Data Portability
- Right to Erasure
Salesforce considers the GDPR an important step forward in streamlining data protection requirements across Europe. We’ve worked closely with European lawmakers, EU data protection authorities, and industry associations throughout the development and approval of the GDPR.
Salesforce customers cannot rely on Salesforce alone to ensure that they are in compliance with the GDPR. Any organization subject to the GDPR can take steps to ensure it complies with the law. So what can organizations do?
- Get Buy-in and Build Your Team
- Assess Your Organization
- Establish Controls and Processes
- Document Compliance
Many questions, choices, and complex analyses arise on the path to GDPR compliance. It’s a long but interesting journey, and one an organization must undertake with executive support and guidance from knowledgeable internal and external partners. The protection of our personal data is also a fundamental right.
Thanks For Reading!!
Blog References: CI Security, Salesforce Trailhead