Before we get into how to ensure GDPR compliance and how we at Studio Fintech (a venture of Systango Technologies) help you protect your data, let’s take a look at what it is and why it has been brought into force.
GDPR was adopted by the European Parliament in April 2016 to bring data protection rules up-to-date with contemporary concerns around the use of personal information. It applies to all data processed within the EU and to the data on EU subjects used by companies outside the union. It is going to be enforced in Europe from 25th May 2018.
According to GDPR, privacy of personal data is a fundamental right of every EU citizen. The law has been specifically designed by the European Union to make its citizens feel safe about how their personal data is being handled and processed.
It also requires safeguards for the data of European citizens so that incidents like those at Uber, Yahoo and, most recently, Facebook are not repeated.
How real is the concern over data privacy?
The concern over data privacy is significant and it grows with every new high-profile data breach that we hear about. In the recent RSA Data Privacy & Security Report, for which 7,500 users across France, Germany, Italy, the UK and the U.S. were surveyed, 80 percent of the users said losing banking and financial data is their top concern, while 76 percent accepted that lost security information (e.g., passwords) and identity information (e.g., passports or driving licences) is also a huge concern.
The reason that IT companies have been put under this regulation is that as many as 62 percent of users told RSA that, in the event of a breach, they would blame the company for their lost data and not the hacker. In conclusion, the report’s author said, “As consumers become better informed, they expect more transparency and responsiveness from the stewards of their data.”
As we have seen over the past few years, data has become a form of wealth in the context of big data analysis, artificial intelligence, better user experiences and so on. The many purposes data is now used for show that it needs to be protected. Users need assurance that their actions online are not going to put them in trouble.
“As businesses continue their digital transformations, making greater use of digital assets, services, and big data, they must also be accountable for monitoring and protecting that data on a daily basis,” concluded the report.
How Studio Fintech has never had a case of data breach with any of its clients
Studio Fintech has always taken the ‘data privacy’ of its clients seriously and has built its safeguards around the concept of personally identifiable information (PII), or sensitive personal information (SPI), as used in information security and privacy laws: information that can be used on its own or together with other information to identify, contact or locate a single person, or to identify an individual in context.
We at Studio Fintech have also been using the concept of ‘data masking’. Data masking is a method of creating a structurally similar but inauthentic version of an organisation’s data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functional substitute for occasions when the real data is not required.
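To make the data masking idea concrete, here is an added example (written for this article, not Studio Fintech’s own tooling) that produces a structurally similar but inauthentic copy of a customer table for a test environment. The records, the column names and the masking key are all invented for the example; the point it adds to the paragraph above is that masked values are keyed pseudonyms, so the same real email always maps to the same fake one (joins between tables still work) while the real values cannot be recovered or confirmed without the key, and that the job ends with a check that none of the original values survived.

```python
import hashlib
import hmac
import itertools
from typing import Callable, Dict, Iterator, List

# Constructed sample records for this example; the people, numbers and IBANs are invented.
SAMPLE_CUSTOMERS: List[Dict[str, object]] = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.com",
     "phone": "+44 7700 900123", "iban": "GB33BUKB20201555555555", "plan": "gold"},
    {"id": 2, "name": "Bob Sample", "email": "bob.sample@example.org",
     "phone": "+91 98765 43210", "iban": "DE89370400440532013000", "plan": "basic"},
]

# Hypothetical masking key. It lives only in the production-side masking job; the
# masked copy that reaches test or training environments never ships with it.
MASK_KEY = b"demo-only-masking-key-rotate-me"


def _pseudonym(value: str, key: bytes = MASK_KEY, length: int = 10) -> str:
    """Keyed, deterministic pseudonym. Same input -> same token, so foreign keys
    and joins keep working across masked tables; without the key the token cannot
    be reversed or confirmed by guessing (a plain unkeyed hash of an email could be)."""
    mac = hmac.new(key, value.strip().lower().encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:length]


def _digit_stream(value: str, key: bytes = MASK_KEY) -> Iterator[str]:
    """Endless stream of decimal digits derived from the keyed hash of value."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return itertools.cycle(str(int(mac, 16)))


def mask_name(name: str, key: bytes = MASK_KEY) -> str:
    """Replace a name with a synthetic one of similar shape (two tokens)."""
    return "Person " + _pseudonym(name, key, 6).upper()


def mask_email(email: str, key: bytes = MASK_KEY) -> str:
    """Keep the local@domain shape but drop the real domain, which can identify
    an employer. The .invalid TLD is reserved, so the address can never deliver."""
    return f"user-{_pseudonym(email, key)}@masked.invalid"


def mask_phone(phone: str, key: bytes = MASK_KEY, keep_prefix_digits: int = 2) -> str:
    """Format-preserving: keep '+', spaces and the first digits (country code),
    replace every other digit so length and layout match the original."""
    fake = _digit_stream(phone, key)
    out, seen = [], 0
    for ch in phone:
        if ch.isdigit():
            out.append(ch if seen < keep_prefix_digits else next(fake))
            seen += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_iban(iban: str, key: bytes = MASK_KEY) -> str:
    """Keep the two-letter country code and the length; the rest is replaced
    with keyed digits, so the result is not a real account (checksum fails)."""
    fake = _digit_stream(iban, key)
    return iban[:2] + "".join(next(fake) for _ in iban[2:])


# Which masking rule applies to which column; columns not listed are kept as-is.
MASKING_RULES: Dict[str, Callable[[str], str]] = {
    "name": mask_name,
    "email": mask_email,
    "phone": mask_phone,
    "iban": mask_iban,
}


def mask_record(record: Dict[str, object]) -> Dict[str, object]:
    """Return a masked copy of one record; non-PII fields such as 'id' and 'plan' are untouched."""
    return {k: (MASKING_RULES[k](str(v)) if k in MASKING_RULES else v)
            for k, v in record.items()}


def leaks_original(masked: List[Dict[str, object]],
                   original: List[Dict[str, object]]) -> List[str]:
    """Post-masking check: every original value of a masked column must be absent
    from the whole masked dataset. Returns the leaked values (empty means clean)."""
    blob = " ".join(str(v) for rec in masked for v in rec.values()).lower()
    return [str(rec[col]) for rec in original for col in MASKING_RULES
            if str(rec[col]).lower() in blob]


if __name__ == "__main__":
    masked = [mask_record(r) for r in SAMPLE_CUSTOMERS]
    for rec in masked:
        print(rec)
    print("leaked values:", leaks_original(masked, SAMPLE_CUSTOMERS))
```

Run the masking job on the production side, hand only its output (never the key) to the test environment, and treat a non-empty result from the leak check as a failed job rather than a warning.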
Encryption has been another of our important tools for protecting data, as it lets us protect data that we don’t want anyone else to have access to. … Espionage uses encryption to securely protect folder contents, which could contain emails, chat histories, tax information, credit card numbers or any other sensitive information.
How to Ensure GDPR Compliance?
Some terminology used in GDPR:
- Data Controller: the company that collects the data of EU citizens, controls it and decides what is to be done with it.
- Data Processor: the party that processes data on the instructions of the Data Controller.
GDPR uses the phrase ‘personal data’, which covers items such as:
- Phone numbers
- Online identifiers such as tags, cookies, GPS location data, tracking pixels and IP addresses
- Special category data such as religion, ethnicity, political opinions and financial data
Here are 6 steps to ensure GDPR compliance:
Identify and document the data you hold:
Conduct a thorough investigation into the data you currently store. Identify where it’s held, any data that’s personal or sensitive, how it’s processed and who has access to it. Document this information as thoroughly as possible.
Review current data governance practices:
Evaluate your current data governance practices and policies, document the lawful basis for any processing and identify any areas that require improvements. Internal records must be kept of any processing activities, with all data tagged and classified.
Check consent procedures:
Under GDPR, consent for any data processing must be specific, granular, and auditable. The consent needs to be simple to understand and easy to withdraw.
The new requirements for consent could force some organisations to approach current data subjects again to request new permission to use their data. Review your current consent processes and establish when consent is needed and how it should be provided to ensure your obligations are being fulfilled.
Assign data protection leads:
A data protection officer (DPO) is necessary for public authorities or organisations that do large-scale monitoring of individuals or of special categories of data or data relating to criminal convictions and offences.
Even if a DPO is not essential for your organisation, designating an individual responsible for data governance will help keep GDPR compliance on track.
Establish procedures for reporting breaches:
Put processes in place for detecting, investigating and reporting breaches and develop an internal plan for responses. Data breach testing can ensure your procedures are effective. A few points on breaches that Data Controllers and Data Processors must keep in mind:
- The authorities must be notified within 72 hours of a data breach.
- Reporting the breach to the authorities is the sole responsibility of the Data Controller.
- Therefore, even if the breach occurred at the Data Processor, the information still has to reach the authorities within 72 hours, so there has to be constant communication between the Data Controller and the Data Processor.
Rights of data subjects:
Ensure your procedures are adequate for data subjects to exercise their extended rights under GDPR. These include the right to be informed; the right of access; the right to rectification; the right to restrict processing; the right to data portability; the right to object; the right not to be subject to automated decision-making, including profiling; and the right to erasure (the right to be forgotten).
How Studio Fintech has followed all rules and regulations in relation to data privacy
As an organisation we have delivered many projects that needed data protection. Many of our apps handle client details that, if misplaced, could lead to losses for our clients. We have always had processes in place to avoid any kind of data breach, and because our internal processes were already strong, becoming GDPR compliant was not a long process for us.
Studio Fintech has been able to follow all the rules and regulations in relation to data privacy: keeping the data secure, identifying and documenting the data we hold, reviewing the current data and keeping a constant check on it. Studio Fintech has always assigned data protection leads and established procedures and methods to prevent data breaches.
Contact us for creating GDPR compliant web and mobile applications.