What Is GDPR?
The EU General Data Protection Regulation (GDPR) is set to take effect on May 25, 2018. This new regulation broadly affects all organizations, government agencies, and companies throughout the world that collect or use personal data tied to EU residents.
Roles Under GDPR
Under GDPR, there are stronger responsibilities for both data controllers and data processors. Cloud customers who collect and process personal data from individuals are data controllers. A cloud provider, such as smartpropertymanager.com, typically has the role of both a data controller – because we capture and manage information about our customers and also, a data processor – because we processes personal data on behalf of our customers.
Key GDPR Requirements for Our Customers
With the new GDPR requirements coming into effect, businesses using cloud applications such as smartpropertymanager.com should be aware of their data privacy and security needs relating to their collection and handling of personal information. Here are four key requirements we are highlighting:
1. Data Security
Businesses must implement an appropriate level of security, encompassing both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. GDPR encourages companies to incorporate and leverage encryption, incident management, network and system integrity, and availability and resilience requirements.
2. Extended Rights of Individuals
Individuals have greater control, and ultimately greater ownership of, their own data. They also have an extended set of data protection rights, including the right to data portability and the right to be forgotten.
3. Documentation and Security Audits
Businesses will be expected to document and maintain records of their security practices, audit the effectiveness of their security programs, and take corrective measures, where appropriate.
4. Data Breach Notification
The GDPR has specific requirements about when and how cloud customers have to announce a personal data breach to their regulators and/or impacted individuals.
To understand and learn more about the GDPR, visit the EU GDPR webpage.
How we can help with GDPR compliance
If you have any questions then please do not hesitate to contact us.