In today’s digital age, it comes as no surprise that companies strive to ensure that their solutions prioritize compliance and security to protect both their businesses and their clients. For big companies, enhancing compliance and security programs and processes may become a tedious task as they face new threats every day, threats capable of putting them at risk and resulting in massive financial loss or a loss of brand trust among clients.
The relentless need for security, of course, isn’t just felt by multinational companies. From an individual’s point of view, being protected is a basic need, whether this comes in the form of a right to data privacy, the proper processing and handling of “sensitive data,” or greater control over the personal information they share with companies. In an effort to set forth expanded data protection, the European Commission green-lit the General Data Protection Regulation (GDPR), which aims to standardize data privacy laws across the European Union (EU).
The European Parliament and the Council of the European Union approved GDPR on December 15, 2015. With its approval, it will repeal the EU Data Protection Directive, the EU’s long-standing privacy framework that has been observed by EU businesses and citizens for almost 21 years. GDPR officially started on April 27, 2016. However, the EU gave companies a two-year transition period before its full implementation on May 25, 2018.
The main purpose of GDPR’s implementation is to solidify and standardize data protection laws for individuals from the EU. The regulation is meant to make individuals feel more secure whenever they share personal information, as well as to give them enough control whenever they provide personal data. The full implementation of the GDPR, as projected by the European Commission, will take extreme measures to lessen security risks in order to protect individuals. Another goal is to make way for a more seamless data transfer process by focusing on a unified set of rules, limits, and “pseudonymization,” as prescribed by the European Commission.
The key drivers for the GDPR are the following: pseudonymization, wherein businesses are encouraged to develop or use pseudonyms to enhance privacy; extreme focus on consent, in which businesses should obtain explicit consent from individuals before processing data; the “right to be forgotten,” which allows data obtained from individuals to be erased without undue delay when no longer needed; and data breach notification, wherein companies must notify a supervisory data authority within 72 hours once a data breach has been suspected.
Given this information, many companies all over the world have started taking the necessary steps to comply with the GDPR. While the GDPR’s data privacy laws only apply to EU citizens, it’s important to note how its implementation can affect businesses and companies on a global scale.
Teleperformance, whose clients are based all over the world and whose global footprint reaches far and wide beyond the European landscape, has already changed and created new compliance, security, and privacy policies to meet the requirements of the new regulations. The recent change in our privacy framework ensures that we are already on our way towards complying with the GDPR during its transitional period, in order to adapt to the new regulation covering EU citizens in time for its full implementation in 2018.