How one Eastern European company is helping others adapt to GDPR

Some of the new data subject rights also help customers feel in control - for example, they have stronger rights to stop how their data is to be used if they change their mind about consent.

As the European Union's General Data Protection Regulation (GDPR) requirements are set to become active on May 25, 2018, Microsoft announced new tooling enhancements to help businesses that are now using Office 365 and Azure services.

As the GDPR is golden standard for data protection legislation globally, POPIA compliance may not be enough, depending on your data handling commitments as an organisation.

Companies that don't secure the information they process properly could see their bottom line severely damaged on top of regulators breathing down their necks.

Writing in the Wall Street Journal, Christopher Mims explains how the search engine giant hoovers up user data through apps, web browsing, and nearly every measure, and how it uses the data to sell advertising, just like Facebook. It is important to note that these rules apply to both controllers and processors-meaning "cloud" will not be exempt from GDPR enforcement, according to the EU GDPR website.

It means GDPR should be approached as an opportunity rather than a burden, and those who have been proactive "are in a far better position going forward", he said.

The responsibility for data protection compliance now lies with the individual company that holds or uses the data, regardless of whether it purchased that data under licence from a supplier like Wilmington Healthcare, or generated it from its own list of contacts.

Companies now need to accept that legal technicalities and opaque terms and conditions agreements will no longer protect them from reputational damage. He is author of the book Information Management: Strategies for Gaining a Competitive Advantage with Data. Of course, choice isn't always appropriate and, in some situations, you can use data without consent, in the same way as under the current law.But you can still build the customer relationship by being clear about what you use data for and why you do it. For starters, a person will need to file a subject access request (SAR) that, as noted by the Guardian, is simply "an email, fax or letter asking for their personal data". GDPR requires a more fundamental change in how data processing is looked at and in how to deal with a certain number of topics such as data security, data loss or data access requests, not only for future, but also existing data.

From the Google-owned driving app Waze to Facebook tools like Marketplace, data is being collected on a much larger scale than most users realize. Also, the detailed requirements will vary between businesses.

Consent is no longer static, so organisations need to provide options to make it is as easy to withdraw consent as it was to give it. It may have no choice, he adds, as GDPR-like laws spread to other countries, including the U.S. Data can be encrypted when in transit or in use as well. But in the new climate of digital awareness, this arrangement needs to be turned on its head making it convenient for consumers to control their data. Over half of respondents to the survey said they had "some" or "significant" increase in dependency on contractors.

If goods or services of Thai companies are available in the European Union or Thai companies track the behavior or location of individuals in the European Union, such Thai companies could be required to comply with the GDPR.

This is perhaps one of the reasons why social media brands are less trusted than other services.

About Imanis Data Imanis Data is the leading provider of Big Data orchestration, mobility and protection for NoSQL and Hadoop.

  • Zachary Reyes