New data privacy legislation comes into force in less than a year, so it’s time to make the adjustments to your software to ensure your customers are compliant!
The most important change in 20 years in data privacy regulations in the EU is the General Data Protection Regulation (GDPR), and it goes into effect on May 25, 2018. The GDPR is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The British government is also adopting the legislation while it remains part of the EU.
What does that mean to you and your customers? If your technology is used to hold and process any personal data or monitor online behavior of EU citizens, then your software should support the legislation’s requirements. It applies regardless of where your customers are based or whether the data processing occurs in the EU or not. And it pertains to existing systems and protocols, including cloud applications, not just new implementations.
Data Protection by Design and by Default
From a technology aspect, the legislation boils down to the use and retention of citizens’ personal data. In basic terms, the GDPR law obligates an enterprise to take specific data privacy measures into account for all current and new technology implementations.
Two elements are at the foundation of a product’s design that will make the technology GDPR compliant: Data Protection by Design and Data Protection by Default. Similar terms also known within the technical community are “Privacy by Design” and “Privacy by Default.”
- Data Protection by Design addresses the type of data the software collects, its intended use, the recipient who will use the data, and how the data will be retained and disposed of. This is an indication of the software’s potential effect on citizens’ privacy.
- Data Protection by Default covers measures that ensure the software only collects the minimum amount of personal data that is necessary for a specific purpose. This is to provide the highest levels of privacy, security and data protection to citizens.
Enterprises will run a privacy impact assessment on any software they operate that needs to be GDPR compliant. Can your product currently pass the assessment?
How can MBX help you get started?
Some tech companies are already touting their GDPR compliance while others may be worrying about loss of business until their technology is appropriately updated. If you haven’t already updated your software, now is the time to start looking for gaps and making the updates to support the new requirements. There are many published guides and assessments to help get you started.
Of course, MBX can help, too. Our platform engineers can smooth the transition for your new software image within your hardware-based product. Engineers will ensure software/hardware compatibility with your current platform configuration, and double-check that everything is performing up to specifications. Talk to your MBX account manager to get the ball rolling!