So it’s begun. The GDPR has been in effect for more than a month. While that’s not really enough time to be able to gather meaningful data on what’s being done, we can certainly gain some insight and learn a bit from actions being taken by supervisory authorities like the UK’s Information Commissioner’s Office (ICO), France’s National Commission on Informatics and Liberty (CNIL) and the Austrian Data Protection Authority (DSB).
So it didn’t take long for Max Schrems to use the GDPR to file his first complaint. For those of you who don’t know Max Schrems, he’s the privacy lawyer who successfully challenged Facebook Ireland to prohibit the transfer of data from Ireland to the US.
Organisations in Europe and beyond are gearing up to become GDPR compliant, but many are doing so begrudgingly when in fact the exercise should be looked at in a positive light.
The GDPR provides organisations with an opportunity to develop a new philosophy about data governance. It’s a development that will protect your and my personal information from misuse and abuse.
The GDPR is clear
In order to demonstrate compliance with this regulation, the controller and processor should maintain records of processing activities under its responsibility. Each controller and processor should be obliged to cooperate with the supervisory authority and make those records, on request, available to it, so that it might serve for monitoring those processing operations.
There has been an explosion of global data protection regulations.
We’ve expanded our compliance framework to enable multiple regulations.
We’ve outgrown GDPR alone, so we’re changing our name to PrivIQ to reflect that and to focus on providing “Intelligent Compliance, Simply.”