011 GDPR for Small Business

What Small Business Owners Need to Know About the General Data Protection Regulation
23 minutes

Description

7 years ago
Welcome to Season 1, Episode 011, of Web and BeyondCast, "GDPR for Small Business." (If you’re reading this in a podcast directory/app, please visit http://webandbeyondcast.com/011 for clickable links and the full show notes and transcript of this cast.)

According to Verizon’s 2018 Data Breach Investigations Report, “58% of malware attack victims are categorized as small businesses.” And, in the 2017 Cybercrime Report by Cybersecurity Ventures, they note that “cybercrime damages will cost the world $6 trillion annually by 2021.” It’s with this general risk in mind that the European Union started the process of updating its already-existing Data Protection Directive from 1995, and enacted the General Data Protection Regulation. Or, as some of you might have heard it called by its acronym, GDPR. I’ll call it GDPR for the rest of this episode.

I’ve gotten many questions about this topic, so in today’s episode, I’m going to do a deep-dive into:

What is GDPR?
Who Does GDPR Apply to?
What Are the Key Provisions of GDPR for Small Business?
What Actions Should You Take To Be and Stay GDPR-Compliant?

Disclaimer: None of this should be taken as legal advice. I’m trying to give an explanation of a highly complex, evolving extraterritorial law, and additional laws, and if you have specific questions about your situation and the laws that impact your business, you should seek licensed legal counsel in your jurisdiction.

If you'd like to discuss this episode, please click here to leave a comment down below (this jumps you to the bottom of the post), or feel free to contact me here about any other questions or comments.

In this Cast | GDPR for Small Business

Ray Sidney-Smith, Host

Show Notes | GDPR for Small Business

Resources we mention, including links to them, will be provided here. Please listen to the episode for context.

Key Terminology:

Subject - a living, natural person (so corporate/business entities, governments or anything other than a living human being don’t count under GDPR)
Personal Data - any data that can identify a subject directly or indirectly, so some common forms of Personal Data are a living person’s name, address, phone number, date of birth, and tax identification number. But, it encompasses any data that fits this category. Anonymous data does not apply.
Personal Sensitive Data, or Sensitive Personal Data - a class of Personal Data that should be subjected to a higher level of protection; it includes “data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.”
Data Controller - a person or entity “which...determines the purposes and means of the processing of personal data”
Data Processor - a person or entity which processes personal data on behalf of a Data Controller

Key Provisions:

Data security versus Data Privacy - chain link fence versus a 10’ solid brick wall.
GDPR applies to customers and employees of your business.
Right to Consent ...for the data you collect about your customers and employees. This includes access to that data.
Right of Access ...to the data about you.
Right to Portability ...exportable and in a useable format.
Right to “Rectification” ...fix inaccurate data or request data not be used any longer.
Right to Erasure ...aka right to be forgotten ...erasure of subject’s data upon request.
All of these aforementioned requests from data subjects are to be responded to within 30 days and you cannot charge them for it--it must be free-of-charge.
Right to be Informed ...in the event of a data breach, that “is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.” (Source)
