Written by Sebastián Stranieri, CEO of VU
May marked the first anniversary of the European Union's General Data Protection Regulation (GDPR) coming into effect. What does it mean and why is it important in terms of security? GDPR is an innovative regulatory framework that was designed to give individuals control over their data and unify legislation within the European Union, in a context in which digital technologies represent a huge challenge for people and businesses to interact freely and securely with each other, and with the rest of the world.
Since GDPR came into force, most companies that handle personal information of people living in the European Union have had to rethink their security policies and have had to put in place new systems and processes to ensure that individuals can easily understand which of their data is being collected, and in turn have access to tools to correct it, move it around or delete it if it is not accurate.
However, the regulation does not only affect companies within the European Union. Many companies around the world have also found it necessary to improve security in the handling of their customers' personal data. Is this the first step towards a global privacy law? With the changes seen so far, it is safe to say that the GDPR has inspired a global movement in which countries around the world began to adopt new privacy laws. Brazil, China, India, Japan, South Korea and Thailand are some of the nations that have proposed new legislation or implemented changes to existing privacy laws aligned with the GDPR.
A cultural shift is needed to understand the importance of GDPR
According to the consulting firm Gartner, more than half of the companies are not fully trained to comply with the procedures and obligations of the new legislation. This is due, in large part, to a broad lack of knowledge about the changes implied by the new regulations, but also to the fact that a profound cultural change is needed to understand the importance of the GDPR.
Companies that have fully adopted GDPR have had to go through this cultural change, which starts at the executive level and reaches across the entire organizational structure. At VU we are aware of this: we know our responsibility to protect our customers' privacy and we act accordingly. Ensuring security in the data we handle is the starting point for everything we do.
The goal of GDPR was to have a set of privacy rules that are interpreted uniformly across the European continent. The question is whether it has worked. It can be said that yes, GDPR works well and that the cooperation and consistency procedures implemented are solid and effective, but there is a long way to go for both companies and users, which requires a profound cultural change that involves leaving aside certain ingrained customs, specific to each society and community.
How GDPR works if my company is outside the European Union
If your company or business already operates or plans to operate with EU citizens, you will be required to take the necessary steps to comply with GDPR. Any company, brand or service that markets products, processes data, holds or stores user information within the European Union must operate in accordance with the provisions of the GDPR, regardless of where it originates from.
For example, a Latin American company that contracts or sells services and/or products to EU citizens will have to comply with GDPR requirements when collecting and processing customer data. The company will need to obtain consent when taking customer data and ensure that the data is stored securely. It will also need to make sure that customers can exercise all of their rights as data subjects.