After nearly a decade of work, the EU finally passed the General Data Protection Regulation (GDPR) in April. While it doesn’t take effect until May of 2018, smart businesses are starting to look now at how the sweeping new data-privacy mandate will affect them so they’re ready when the risk of heavy fines kicks in.
The GDPR is meant to remedy the shortcomings of its 1995 predecessor, the Data Protection Directive, and to ensure that the laws governing individuals' private information are applied uniformly across the EU.
An important distinction to note is that the GDPR will apply not only to companies located in the EU, but to any company anywhere in the world that uses, stores, or processes information about an EU citizen. Given the global nature of commerce today, the GDPR is in effect an international regulation.
Like any new law, there will be a teething period where the letter of the law and the spirit in which it is applied will struggle to strike a balance. Until then, there will be many questions, debates, and disagreements as to how it should be applied and to what extent.
One thing that is very clearly defined in the GDPR (Article 24) is that the data controller (i.e., the company that uses, stores, or processes personal information about any EU citizen) bears primary responsibility for ensuring that data processing activities are compliant with the regulation. In layman’s terms, if you walk into a bank tomorrow morning and provide them with your identity documents and your address to open an account, the bank (the controller) is responsible for the storage and handling of this data as per the GDPR. If it’s done properly, your information will be secure, traceable, up to date, and only used for the purpose it was intended.
In a perfect world, the bank, having 100% of the responsibility, would also have 100% of the control, but the fact is that companies rely on a myriad of products and services from a myriad of vendors to handle your information on a day-to-day basis.
BlackBerry’s Commitment to Helping Customers Comply with the GDPR
BlackBerry recognizes our customers’ challenges in complying with the GDPR. As a company that does business worldwide, we’ll be held accountable for the data we store on the individuals we do business with in the EU, just as all of our customers will be held accountable for protecting their own customers’ data. Even though we’re not responsible under the law for how our customers secure their own clients’ data, we don’t think it’s fair that our customers shoulder this responsibility alone.
That’s why we develop our products with the GDPR’s requirements in mind as one part of our overall commitment to enterprise security.
While the GDPR won’t take effect for nearly two years, our clients and our partners can be assured that the entire BlackBerry enterprise portfolio is “GDPR ready” today. Our Advanced Assurance Division is equipped and already working with our clients to support a smooth transition.
Being a responsible vendor means moving from a seller/buyer mentality to a joint partnership outlook, where we develop our products to mirror both industry-sector and regional compliance requirements. As BlackBerry’s COO Marty Beard wrote in July, “security is what drives us – it’s in our DNA.”
A staunch advocate of Data Protection and Privacy, Nader brings over two decades of tactical experience in the architecture, development and management of secure, scalable systems. He has worked in a wide range of organizations from startups to multinationals allowing for both depth and breadth of experience focused on enabling business without compromise of corporate security or individual privacy. Today, his role hinges on providing solutions to current challenges faced by BlackBerry’s strategic customers in banking, governance, security and beyond.