Your GDPR Questions Answered


With the deadline of May 25th, 2018 looming, organisations are hustling to become compliant with the EU's General Data Protection Regulation (GDPR).

This article provides practical tips/guidance on how to prepare your business for GDPR:
 
 

My business is not based in the EU - to what extent does the GDPR apply to me?

The GDPR is not sector-specific and applies globally to organisations of all types and sizes that collect, store or process personal data of EU individuals.

If your business is based in the EU you are subject to the GDPR.

If your business is based outside the EU it is subject to the GDPR if it either:

  1. Offers goods or services to EU data subjects
  2. Monitors the behaviour of EU data subjects
 
 
 
 

What's included under the "personal data" umbrella?

According to the definition under Article 4 (1) "personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 
 

I run a private data centre - am I a data controller or a processor under the GDPR?

Let's start with the definitions. Each time an entity processes personal data, it wears the hat of either a controller or a processor.

In summary:

  • "Controllers" are entities that exercise control over the processing of personal data and determine which data to collect. All organisations are likely to process at least some personal data as data controllers (even if only in relation to their own employees)
  • "Processors" are entities which process personal data on behalf of the controller e.g. outsourced service providers

These 2 roles come with different responsibilities and it is very important that you understand the legal obligations that apply to each role.

In answer to the question, if you're running a data centre you are likely to be both: a controller in relation to the personal data of your employees if they are EU individuals and a processor for your customers who are storing personal data of EU individuals in your data centre.

 
 

Preparing for the GDPR - where do I start?

Below are the first three steps which are crucial for every organisation:

  1. Data inventory: Identifying what data you hold is a key first step. Start assessing your existing database by documenting what types of personal data your organisation processes and by mapping data input and output sources.
  2. Classify, classify, classify: A well-planned data classification system makes essential data easy to find and retrieve. Make sure you differentiate between personal data and sensitive data (e.g. personal data concerning health, genetic and biometric data, data revealing racial or ethnic origin, etc. - see Article 9).
  3. Data cleanse and future-proofing: All personal data which is stored and used by your organisation needs to be cleansed & de-duplicated. GDPR is strengthening data subject rights, so anyone requesting their personal data file must receive it within 30 days & free of charge.

Decide what processes you need to update or implement: e.g. handling information requests, deletion of data, data portability, security frameworks, etc.

 
 

My organisation is using a combination of Google Suite and Microsoft Office 365 and all our data records are stored in the cloud. If they are compliant am I still responsible for securing my data?

Both Google and Microsoft have announced that they are committed to ensuring compliance of their services with GDPR and that they will be rolling out contractual amendments in advance of May 2018, when GDPR kicks in. However, simply moving all personal data to these cloud services doesn't mean that you're compliant: you still need to fulfil the responsibilities of your role as a data controller (your organisation's settings for the service, who you give access to). It's important to remember that compliance remains a shared responsibility.

The GDPR will push every organisation that handles personal data of EU subjects to become more robust in their ability to demonstrate that they can protect the privacy of the data and bring their privacy policies and programmes to a new standard of security.

 
 
 
 

How can 10Duke help?

Our 10Duke Identity Provider and 10Duke Entitlements can help you achieve compliance by ensuring that all user access to data is logged and an audit trail can be provided when required. Also, the users' personal data that is held by the Identity Provider can easily be exposed to the end user so that they can control, via self-serve, what data is stored and with which services/partners it is shared. If you're interested in learning more, please contact us via our website.

 