Let’s talk big picture…
The way we use Personal Identifying Information (PII) has vastly transformed the digital economy in recent years. Advancements in technology that captures, stores, organizes, and analyzes PII have made way for some pretty remarkable means of increasing efficiency and generating greater revenue. And who’s not a fan of that?
So how’s it changing?
Going into effect May 25th 2018, the EU’s new GDPR has serious implications for worldwide companies, so be sure to pay attention. These new regulations warrant that the rights of any individual residing in the European Union will be enforced, even if their data is being processed by companies outside the EU. The focus of the new regulation is to increase user rights as well as increase accountability for people storing or processing data.
If you’re looking for evidence that they mean business, just look at the fines. Up to 20 million euros or 4% of a company’s annual worldwide revenue, whichever is greater. By the way, once the new GDPR goes into effect, that will also include subsidiary companies and partners, even if a subsidiary was not directly involved in processing the data in question. The GDPR also makes it easier for individuals to bring private claims against organizations, including breaches that result in non-material damages. You heard right, individuals can receive compensation for emotional damages as well as financial. Sound a little daunting?
Start planning now…
There are several techniques that organizations can employ to remain in the good graces of the GDPR’s supervisory authorities. The big ones are Anonymization and Obfuscation. By removing PII from data sets, the process of anonymization renders the subject of the data anonymous.
Obfuscation ensures that existing data can’t be traced back to a specific individual. It’s a means of processing information that isolates certain identifying data and organizes it in separate places so that a person might be identified only by combining information from multiple locations.
Kind of a mouthful, huh?
Let’s break it down some more. The whole point of these tighter sanctions is to protect users from being specifically identified based on the information being gathered from their data. There’s no denying the value of the information and in fact one of the pillars of the EU’s Digital Single Market directive is to “[maximize] the growth potential of the digital economy.” The new GDPR is simply aiming to ensure that individuals, and organizations that store and process PII, are all on the same page and level playing field.
The light at the end of the tunnel…
If you’re in an industry dealing in PII (financial, medical, educational, employment) just to name a few, these new regulations make it more important than ever to have a strong Enterprise Content Management system with seamlessly integrated Records Management. Furthermore, having an open line of communication with your ECM system provider to communicate your changing needs will be an invaluable tool in navigating the changing landscape of data protection regulations.
These regulations aren’t so scary if you truly have control over exactly how your data is organized, who can access it, and when it gets disposed of. And if you don’t already have these capabilities, then you’re not getting the most use out of your data anyway.
Just think of these new sanctions as a great excuse to improve efficiency within your organization by adding structure to your data.
After all, the tighter you run your ship, the smoother the sailing.
