How to Be GDPR Compliant: A Complete Checklist for GDPR Compliance
When the GDPR (General Data Protection Regulation) was implemented on May 25, 2018, it represented one of the biggest changes to privacy laws and protections in our lifetime. It’s vital that businesses understand how to be GDPR compliant, what GDPR compliance means, and how to make sure they stay protected.
When the law was implemented, it specified many changes to privacy protections for users and even included operational changes for businesses and organizations that do business online. With so much of our lives now taking place on the internet (shopping, social media, banking, personal data storage, etc.), almost every business is potentially affected by the GDPR compliance requirements.
As a company that handles a lot of data ourselves, we understand full well that remote control and compliance go hand in hand. As security and data privacy experts, all of our remote access solutions are fully GDPR compliant.
Whether or not you do business in the EU, every company that conducts business online needs to know how to be GDPR compliant to protect itself from hefty fines from the European Commission. On the whole, these compliance regulations represent one of the most important changes to data privacy in decades. The GDPR sets the standard for global data protection for individuals, and while it might seem like a nuisance, it’s an important development in online safety (and it’s not going anywhere anytime soon).
Who Needs to Comply with GDPR?
When considering how to be GDPR compliant, it’s important to remember that your business doesn’t actually have to be located in the EU to be required to comply.
While the GDPR specifically applies to persons living within the European Union, it affects nearly every company doing business online. This is because it directly applies to any “controller” and/or “processor” handling the personal data of European citizens, regardless of the business’ physical location.
This means that even if your company is located in the United States and your business is open to people living in the EU, you must comply with the new regulations set forth by the GDPR.
What Is GDPR Compliance and How to Comply with GDPR
There is some specific terminology that will help in understanding how to be GDPR compliant. Though the language of the GDPR compliance requirements themselves is rather formal, here are a few terms that are important to understand:
Privacy by Design – More of a foundational tenet than a specific regulation, Privacy by Design is built into the core of how to be GDPR compliant. As you design and build your processes and services, GDPR compliance now dictates that privacy and security be a main feature from the outset.
Mandatory Breach Notification – Under GDPR, it’s required that organizations notify the European Commission of a security breach within 72 hours of discovering the breach.
Right to Access – In a move that aims to give individuals more control over their data and how it’s being used, EU citizens have the right to access copies of the records of their data. As a GDPR compliant entity, you must be able to provide someone with a detailed record of what data you have on file for them, where it’s stored and what you’re using it for.
Right to be Forgotten – Going one step further than the Right to Access, GDPR compliance also states that individuals can request that their data be deleted. As the data “handler,” your company would need to oblige the request by deleting any data you have stored for the user and stop sharing the data with third parties.
Extended Jurisdiction – Covered briefly above, extended jurisdiction means that the new European Commission rules regarding data privacy apply to all companies handling the personal information of an EU citizen, regardless of the business’ location (in the EU or otherwise).
Data Portability – This regulation specifies that users can request that their data be transferred from one controller to another. What this means for how to be GDPR compliant is that you must be able to share user data in a “commonly used and machine-readable format.”
What Happens if You Don’t Comply
It’s vital to know how to be GDPR compliant, if not because it’s an important step toward data privacy for the individual, then because the fines can be astronomical. Non-compliance is separated into two tiers: more severe and less severe (and each depends on both the length of the non-compliance and the total number of users affected by the infringement).
If the EU finds non-compliance to be severe, the fine is 20 million Euros or four percent of a company’s total annual net sales, whichever is higher. This means that if an infringement is deemed severe enough, the minimum fine is 20 million Euros.
In less severe cases, businesses are looking at a fine of 10 million Euros or two percent of annual net sales from the previous financial year.
How GDPR Compliance Intersects with Secure Remote Access
At Netop, we pride ourselves on building the most secure remote access software on the market today – and that includes full GDPR compliance. Remote control and compliance go hand in hand.
Whether you’re using remote access to support a remote workforce, access important data from the field, or provide remote support to users or staff, it’s vital that your remote access solution provider knows how to be GDPR compliant. These new EU requirements around security and data privacy are here to stay.
We have security experts working non-stop to ensure that all of our software is fully GDPR compliant so you don’t have to. If you’re looking for industry-leading security and remote control that exceeds compliance standards, it’s time to switch to Netop’s GDPR remote access.
Sam Heiney is the Product Manager for Netop Remote Control.