Currently, vast amounts of personal data are being collected and stored by organizations, often without a clear definition of, or control over, why, how, and by whom the data will be used. Yet that is all about to change when the General Data Protection Regulation (GDPR) goes into effect on May 25, 2018.
Established by the European Union (EU), the GDPR is the most significant regulation regarding data protection in the past 20 years. It will give EU citizens greater control over their personal data than ever before. For companies that collect data on any EU citizen, it means a major shift in how they manage and control data.
How does the GDPR Help with Protection?
At Odaseva, we like to think the GDPR is like the Declaration of the Rights of Man and of the Citizen of 1789, but for the digital age. This declaration outlined some of the basic human and civil rights we take for granted today. Now, the GDPR aims at doing similar things but is oriented toward our digital world. While the 1789 declaration signaled “Liberty, Equality, Fraternity”, now we could say we’ll have Property, Liberty, Security!
Under the GDPR, organizations must have a data inventory and be able to retrieve a precise description of the data held for a specific individual. Organizations must also store only what is needed and authorized, and keep it for the shortest retention period possible.
The data subject shall have the right to receive the personal data concerning him or her […] in a structured, commonly used and machine-readable format and from there shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay. Organizations must be able to prove to the data subject they have deleted all personal data.
Data security is at the top of many people’s minds, as data breaches seem to happen on a regular basis. The GDPR’s Data Protection by Design and by Default requires that data protection be designed into the development of business processes for products and services. An organization should also implement appropriate technical and organizational measures, such as pseudonymisation, breach detection, and data resilience (the ability to back up and restore). In case of a personal data breach, the controller shall, without undue delay (72 hours), notify the supervisory authority of the breach.
Odaseva and Salesforce: Helping GDPR Compliance
Salesforce collects a significant amount of user data, which makes it important for organizations to retain solutions that help them comply with GDPR.
Odaseva has responded to this challenge with Odaseva for GDPR, available through its data governance platform. Odaseva makes GDPR compliance easier for Salesforce users by providing the ability to implement Data Lifecycle, Right to be Forgotten, Pseudonymization, Data Resilience, and much more, in line with the parameters of the GDPR.
To learn more about how Odaseva helps with GDPR compliance, visit www.odaseva.com/GDPR/