The General Data Protection Regulation (GDPR), which is meant to protect the data privacy rights of EU citizens, will impact all businesses that hold data related to EU citizens. Regardless of the vertical, process sanitation should be in place for that data. The deadline is May 25, 2018 for the process to be in place for all vendors that support EU resident data.
The idea behind the GDPR is to unify the data privacy requirements across the EU. This is a very stringent requirement, and all startups that have customers in the EU should adhere immediately.
Let us first see who is expected to comply. As per the EU GDPR, the following entities are expected to adhere to this compliance.
“The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”
Failure to adhere to the GDPR is very costly: the penalty is close to 20 million euros or 4% of turnover. For startups, failing to adhere to the GDPR will bring them down. With less than 100 days to go, the GDPR should be taken seriously in order to become more compliant.
The key step is to assess the privacy and security requirements of the customer data. Most startups have tied up with hosting partners. They need to ensure that the privacy and security assessments are done for the hosting partner.
There are multiple roadmaps to support GDPR. We looked at several and found the IBM GDPR roadmap to be easy to implement. The process is divided into 5 categories:
Assess – Perform a checklist to understand the scenarios for security and privacy of the customer data.
Design – Create a design to look at the mitigation and check gate process to contain privacy issues and provide entitlements for security.
Transform – Transform the process into reality for the data store and messaging process.
Operate – Put the process into production and backup.
Conform – Confirm the audit to ensure the process is in conformance with GDPR.
We hope our Indian startups gear up to adhere to the GDPR and ensure a smooth transition.