Are you catching the train?

The EU General Data Protection Regulation will become effective on 25 May 2018. Fines for non-compliance can be up to 20,000,000 EUR or up to 4% of the annual worldwide turnover.

Scope

The regulation applies if the data controller (organisation that collects data from EU residents) or processor (organisation that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU. Furthermore, the Regulation also applies to organisations based outside the European Union if they collect or process personal data of EU residents.

What is personal data?

According to the European Commission “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

Penalty

Fine of up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in the case of an enterprise, whichever is greater.

Why Architects’ involvement is needed to comply with GDPR:

Many of GDPR’s questions can only be answered by architects with the help of an up-to-date architecture knowledge base:

  • Where is personal data collected? – Is personal consent / opt-out available?
  • Where is personal data stored?
  • Where is personal data transferred?
  • Where is personal data processed?
  • Who are the data owner of such data elements?
  • Is personal data pseudonymised? (meaning that personal data is transformed in a way that the resulting data cannot be attributed to a specific data subject without the use of additional information)

Additionally, architects can maintain the application development guidelines which meet the principles of data protection by design and by default.

Systems processing personal data

Application communications diagrams highlighting data flows that are transferring and/or the applications that are processing the “Customer” data.

Working on GDPR compliance?

Let us show you how SAMU can support you!
Sign up for a personalized demo now …