GDPR Requirements: Two Years Later
The GDPR (General Data Protection Regulation) is legislation governing data protection in the European Union. It was created to protect personal data, providing citizens of the EU greater control over personal information.
Broadly, the GDPR forces companies to assume full responsibility for all data they collect. It entered into law on May 25, 2018.
GDPR REQUIREMENTS
The road map for a corporation to achieve GDPR compliance requirements varies from source to source. Generally, however, it means receiving consent to collect personal data and demonstrating transparency in the data collection and storage process.
Every business within the EU should understand what is being collected, how it's being used and how long it will be kept. This includes companies that collect data from citizens of the EU or people living in the EU at the time of collection. (A U.S. citizen working in the EU would have her data protected under the GDPR.)
Corporations are required to detail the specific ways in which they use customer data. Personal data includes names, address, photos, IP address and health records.
Within the law, there exist GDPR categories of data subjects. These categories exist to prohibit the processing of specific personal data including race, ethnicity, political and religious affiliations, sexual orientation and genetic data.
They may only be processed if the case meets a designated exemption, such as a legal proceeding or matter of public health.
Additionally, corporations must report data breaches within 72 hours of first finding out. Citizens also maintain the "Right To Be Forgotten," a concise way for individuals to request that data is deleted from a database.
Proper record-keeping and note-taking can help to meet GDPR requirements. The GDPR requires that corporations maintain written records including data-processing plans, descriptions of the categories of personal data and intended length of data storage.
Further documentation and backup, including consent waivers and a data storage blog, are recommended to prove that GDPR requirements are met. It's also recommended that companies employ a Data Protection Officer (DPO).
Fines for falling out of compliance can be as high as 10 million Euros or 2 percent of global revenues, whichever is greater.
SNOWFLAKE'S ROLE IN GDPR COMPLIANCE
Database architecture can set your company on a path towards fulfilling GDPR requirements.
As we approach two years since the data reform policy entered law, there's tangible evidence to support the program's success and staying power.
The U.K. Information Commissioner's Office estimated that the total breaches reported in 2019 will number 36,000, potentially doubling the previous year's sum.
Fines during year one appear quite significant, but Google was on the receiving end of a 50 million Euro fine that inflates the first-year collection totals.
Snowflake offers flexibility in database architecture that promotes GDPR compliance while still providing continuous data protection.
Automated recovery measures can pose a challenge to GDPR requirements such as "Right To Be Forgotten" and ETL-driven data sharing processes can pose a significant risk to GDPR compliance. See how Snowflake's unique cloud-based architecture can securely can meet GDPR standards while also providing data warehousing security.