What is GDPR exactly?
Europe, and any company processing the personal data of individuals residing there, is now covered by the world’s strongest data protection rules. The mutually agreed General Data Protection Regulation (GDPR) came into force on May 25, 2018, and was designed to modernize laws that protect the personal information of individuals.
The data protection rules that applied across Europe before GDPR enforcement began were first created during the 1990s and had struggled to keep pace with rapid technological changes. GDPR alters how businesses and public sector organisations can handle the information of their customers. It also boosts the rights of individuals and gives them more control over their information. Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. (Source)
How has GDPR changed things for my business?
Within the GDPR there are large changes for the public as well as businesses and bodies that handle personal information. Individuals, organisations, and companies that are either ‘controllers’ or ‘processors’ of personal data will be covered by the GDPR. “If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR,” the ICO says on its website.
Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address… you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more. (Source)
What are the penalties for non-compliance?
One of the biggest, and most talked about, elements of the GDPR has been the ability for regulators to fine businesses that don’t comply with it. If an organisation doesn’t process an individual’s data in the correct way, it can be fined. If it requires and doesn’t have a data protection officer, it can be fined. If there’s a security breach, it can be fined.
We use Salesforce. What now?
Salesforce is the world’s #1 customer relationship management (CRM) and automation solution. (Source) It boasts millions of users and offers a truly integrated platform with a global “community” to address a wide range of business areas within sales, marketing, and customer communications. Vast amounts of personal data are stored within Salesforce. However, the platform does NOT provide a way to prevent users from uploading certain types of files, or to scan attachments, document uploads, or Chatter for viruses or malicious content. This leaves companies that use Salesforce and fall under the GDPR rules open to fines and other penalties. It is vital that all companies using Salesforce immediately install the industry’s leading cloud-based antivirus software, EZProtect by Adaptus.
Elizabeth Denham, the UK’s information commissioner, who is in charge of data protection enforcement, says GDPR brings in big changes but has warned they don’t change everything. “The GDPR is a step change for data protection,” she says. “It’s still an evolution, not a revolution”. How do you start the “evolution” and avoid the fines of non-compliance? Contact Adaptus to set up a free trial of EZProtect today.