General Data Protection Regulation (GDPR)

GDPR: The countdown is on. Are you ready?

GDPR, or the General Data Protection Regulation, enforceable on May 25, 2018, strengthens data protection provisions for all EU citizens. But the impact of the GDPR goes well beyond EU borders. Companies inside and outside the EU (including suppliers, vendors, and outsourced organizations) that collect, hold, or process data about an EU citizen are required to comply with the law. And the penalties are severe: up to 4% of annual global revenue.

The full text of the regulation is quite dense, but we’ve highlighted a few critical concepts here.

It’s about putting people first

GDPR signals a shift in how we think about data privacy. It is not just about the data, the bits and pieces of personally identifiable information (PII) typically flagged for privacy. GDPR focuses instead on the fundamental rights and freedoms of data subjects (that’s you and me).

The New Data Subject

Under the new regulation, any data that can be used to identify a person is personal data. Birth dates and social security numbers? Sure. But that also covers genomic data, health records, financial information, social media profiles, and more.

Purposeful Consent

With a new focus on the data subject, consent becomes increasingly important. Businesses will need to make sure people understand what they are consenting to, how their data is being used, and how they can withdraw their consent should they want to.

Greater Control

GDPR protects the data subject’s rights of access to and portability of personal data. It also grants the data subject the right to be ‘forgotten’, that is, to have their data erased. And when a data breach occurs, companies will be required to notify those affected within 72 hours.

It’s less than one year until the General Data Protection Regulation (GDPR) becomes enforceable. Are you ready? If you’re like most organizations, the answer is probably no.

But with 100% compliance required on May 25, 2018, and fines of up to 2-4% of global revenue for non-compliance, the pressure is on to comply. Test your knowledge of the GDPR with our interactive quiz.

It’s about how data is being handled

Data that is used never stays in one place. That’s why another fundamental tenet of GDPR requires companies to understand how personal data is being handled across the organization.

Every company will need to have an end-to-end understanding of how data is captured, transformed, held, and destroyed.

In effect, GDPR requires companies doing business in or with the EU to embrace “privacy by design” and have processes in place to monitor the location and quality of data, the person accountable for that data, and the controls being applied to that data.

How data governance can help

Effective tools and a strong data governance framework can help your organization achieve true “privacy by design” and adhere to robust new privacy laws. To implement a data governance strategy, businesses will need to understand how their data flows from system to system and align the appropriate business users with those identified processes.

The Collibra data governance platform provides:

  • A centralized inventory of personal data items across the business and technical landscape
  • Governance accountability and workflow for personal data ownership, definition, and requirements
  • Searchable, end-to-end traceability of personal data across the process and technology architecture and across the data lifecycle
  • Detailed data sharing agreements outlining how the organization shares personal data both internally and externally