What is the GDPR?

Shahab Sabet
Published in BDO Digital Labs
Jun 29, 2017

At BDO Digital we hear buzzwords like machine learning, big data, and data analytics daily. All of these rely on the data we have and how we use it. The General Data Protection Regulation (GDPR) will have a large impact on anyone who handles or processes personal data. This article is the first in a series that explores and explains what the current Norwegian rules are, and how product development needs to change to adapt to the GDPR. We will begin with a short intro to what the GDPR is and what it means.

Today, every time you use the internet you leave a digital footprint. By using software or a service, you’re providing companies with more personal information than you realize. For example, if you own an Android phone, press this link to see how Google has been tracking your every move for years. Companies use data like this to (hopefully) learn how to provide us with better services. The truth is that most of us do not read 75 pages of terms and conditions; we just want to get things done, and we get things done by pressing “I accept the terms and conditions”.

However, is this really how we want things to work? We don’t think so, and neither does the EU. The General Data Protection Regulation (GDPR) is the EU’s new regulation, which will permanently change the way companies collect, store, and use customer data. The regulation will be implemented on the 25th of May 2018, and according to Dell most companies (97%) have yet to come up with a plan on how to deal with the GDPR. That is quite surprising, considering that the fine for failing to comply with the new regulation can be up to 4% of the annual global revenue of the organization.

What does the GDPR mean for you?

As a consumer you’re given more rights. The most noteworthy ones are:

Right to access — A copy of your data, and how it’s being used.
Right to be forgotten — Ability to withdraw consent to use your data, and to have it deleted.
Right to be informed — Before data is gathered you must be informed. In addition, consent to use this data must be freely given rather than implied.

The days of your data being a free-for-all are over. Organizations are no longer allowed to use your data however they see fit without clearly informing you about it. Organizations that work with personal data must appoint a data protection officer who is in charge of GDPR compliance. This is to ensure your data is safe and used appropriately.

What does the GDPR mean for BDO Digital?

As I’m writing this article, the GDPR is almost a year away. Even though BDO is part of the 3% who have a strategy on how to prepare for the GDPR, updating processes and tools for a large company requires a lot of work and time. We have to stay ahead of the curve, so the solutions we are working on today are viable in the future. We need to make sure we have the expertise to integrate GDPR-compliant privacy into our solutions as soon as possible. My blog series is intended to work as a reference guide for us on how to approach and adapt to the new changes introduced by the GDPR. Stay tuned!

P.S. It’s worth noting that these articles will be based on Norwegian law, and should therefore not be used as a reference in other countries.
