What is GDPR? According to the World Wide Web, “GDPR” means “General Data Protection Regulation.” This is an international agreement signed by the World Trade Organization and the United Nations Economic Commission to enhance the protection of personal data. The agreement was drafted in response to concerns that certain countries were not adequately protecting personal information and were denying companies trade opportunities with other countries that could help companies provide services or products that would otherwise be illegal if they didn’t comply with regulations regarding personal information protection.
The GDPR, as it was originally written in its definition, requires companies to take measures to ensure that “trans-personal information flows remain secure and do not infringe the privacy rights of individuals”. The principle behind this obligation is that the personal data of individual employees should remain protected from unauthorized access. But how does this impact businesses? Some say that the language of the GDPR can also be interpreted to require a certain level of security for corporate emails.
Not long ago, Georgia Tech released a paper titled ” GDPR Compliance for Corporate Email” that provides a list of possible regulations that could impact businesses. The paper provides a list of the main concerns that can be raised when companies fail to conform to the regulations. This includes legal action, fines, and restrictions on the transfer of sensitive personal information. There is also this subtle reference made by Lewis.
He says that GDPR compliance isn’t an easy task. “There is a myriad of possible ways to implement the Regulation. Perhaps the most important thing is that it sets the standard for what counts as a ‘personal identifier’ – for instance, the name or address of the person who sent you an email.” Cross-referencing information from databases and other sources is a concern and also whether data is able to be copied or distributed without the explicit consent of the sender.
It may be difficult to determine if your business is compliant. The Internet is growing rapidly and organizations may not be in control of how their data are used in marketing, customer relationship management, or employee engagement programs. Additionally, there is a potential concern about the lack of enforcement regarding e-mail privacy. Many people fear that when their privacy is violated, they will be sued. GDPR Compliance involves more than simply following guidelines, however. Guidelines and standards are designed to provide adequate security and protection for personal information and to ensure compliance by those who need to protect it. Here’s more information on Conformité CNIL.
As stated above As mentioned above, the Regulation is geared towards data protection rather than enforcement of the law. It is possible that the Regulation may not be implemented in the same way for all companies or organizations. For instance, some respondents said they were satisfied with the methods that their departments for data protection have implemented to ensure compliance. Others stated that they are cautious about over-extending regulations by the government and believe that it is best to trust self-regulation when it concerns personal data security. Some businesses also believe that the DPOs are not doing enough to protect their interests.
One way to achieve a good balance is to include all stakeholders in the process of deciding and implementing the guidelines and making sure that they follow them correctly. This suggestion was made by a number of respondents to the question and is definitely worth taking into consideration. It may not be feasible for a single information security personnel to manage this project on his own. In addition, a central data protection body should be made responsible for creating and maintaining the guidelines and procedures businesses should adhere to. The body can then act as a guide for all employees in the organization on security concerns and provide training and direction for those who require it.