With a lot of buzz around the new GDPR regulation and its compliance deadline coming just a few days after the Facebook data leak issues, it's vital for us as technology enablers or solution providers to understand it and how we can better enable such compliance in our applications. Especially when using services like Microsoft Azure and Office 365, there are plenty of resources available that you can use to develop compliant systems. In this multi-part series, we will try to understand what GDPR is and how we can build GDPR-compliant systems by leveraging the features in Azure and Office 365.
This simple-to-read article briefs you on all the basic aspects of GDPR: what data it applies to, who is responsible, and more.
How did it all start?
The European Commission initiated plans for data protection reform across the European Union in order to make Europe fit for the digital transformation. One of the key initiatives in that reform is the General Data Protection Regulation, or GDPR as it is widely known. The initial proposal for the GDPR was released in January 2012, and 25th May 2018 is the last date for organisations to be compliant with the regulation.
What is it?
GDPR is a regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. It is mainly concerned with individual or personal data, and how it is stored and processed. The regulation contains provisions and requirements for handling data that belongs to individuals, and it applies to all enterprises irrespective of the location of the business.
Whom does it apply to?
This regulation applies to anyone who collects and manages personal data. The broad categories include:
Data Controller – An organisation that collects personal data from any EU resident (it may be you, if your application collects personal data from an EU resident).
Data Processor – An organisation that processes personal data on behalf of the data controller (say Microsoft, if you are storing all your data in the Microsoft Cloud).
In certain cases, this regulation applies to organisations located outside the EU if they collect or process data of an EU resident. The regulation doesn't apply to data that is processed personally and has no connection with any professional or commercial activity.
What data does GDPR apply to?
GDPR applies to two categories of data:
Personal Data – Any information relating to a person that can directly or indirectly identify the person. For example, name, identification number, location data, online identifier and even IP address are included in personal data.
Sensitive Personal Data – GDPR refers to sensitive personal data as special categories of personal data. These include genetic data and biometric data where it can be used to uniquely identify a person.
What is the Impact?
With GDPR in effect, there is one data regulation followed across the EU that applies to any organisation doing business within the EU, including organisations outside the EU that do business within the EU. That being said, having one law across the EU simplifies the oversight process, and having one supervising authority will make it simpler and cheaper for businesses to operate.
With regular threats from hacking, individuals' data is exposed in several ways, be it their personal identification details, email credentials, photos and more. Most of this happens because the individual does not understand what data is accessed and how it is used by a system. With GDPR in place, individuals have the right to access their personal data in these systems with ease and to know how it is processed. The individual also gets notified by the organisation whenever his/her data is hacked.
This brings us to the end of the what's of GDPR. In the upcoming article, we will see what it takes for an organisation to be GDPR compliant, what it means for individuals, and how you can plan for GDPR in the applications you build on Office 365 and Azure.
Read Part 2 of this blog post at Everything you need to know about the new GDPR & the options you have in Microsoft Cloud Eco System – Part 2