By now, most organizations and companies will know of the General Data Protection Regulation (GDPR). All organizations or companies that manage the private data of people who reside in the EU have to abide by the new law.
What’s Individually Recognizable Data?
Individually Recognizable Data is defined as any piece of data that can identify a living person by itself or in combination with other pieces. Traditionally, this sort of data has included street addresses, phone numbers, and email addresses. However, the growth in available technology has changed the landscape somewhat.
Nowadays, digital data such as an Internet Protocol address, an online image or a social media entry might all be considered individually recognizable data. This doesn’t mean that all such items are always treated this way; it differs from case to case. Occasionally, a name alone can be sufficient to identify a person. At other times, it may not be easy to identify a person even when many items of data are available.
Tackling Individually Recognizable Data
Before the GDPR takes effect on 25 May 2018, any organization or company that manages the private data of people residing in the European Union ought to perform a check of the data it holds and make certain that GDPR requirements are applied to every bit of individually recognizable data that is kept. Checks that ought to be performed include:
- What data is preserved?
- Where is the data preserved?
- Is there a genuine reason for handling the data, according to GDPR laws?
- Is the data still needed or can it be erased?
- Can the data easily be retrieved if a subject access request (SAR) is received?
Organizations and businesses should also maintain documentation of all the procedures and processes that they have. This includes keeping information regarding the handling and collection of all private data, including particulars of where it’s kept, what it is used for, who collected it, when it was collected and who is accountable for handling it. This documentation is vital since organizations and businesses don’t only have to abide by GDPR; they should also provide documentary proof of compliance.
Failure to perform an audit or document procedures and processes might lead to non-compliance. This can lead to sanctions. These sanctions include potentially large penalties of up to 4% of annual turnover or €20m, whichever is more. It’s not only the financial side of non-compliance that organizations and businesses must be wary of. They should also consider the damage to their reputation.
If customers see that a company hasn’t complied with the latest rules, they may be hesitant to give it their business. This sort of reputational damage can be extremely difficult to overcome.