Last month I wrote about GDPR – the General Data Protection Regulation – and decided to share more about this important data privacy regulation, which takes effect three months from now, on May 25, 2018, and about how it relates to the Real Estate and Financial Sectors.
Below are some excerpts from our Clarus GDPR White Paper.
WHAT IS GDPR?
GDPR is the European Union’s (EU) new General Data Protection Regulation, and it will bring about the greatest change to European data security in 20 years. The GDPR will make major changes to Europe’s privacy laws and will replace the outdated Data Protection Directive from 1995. GDPR affects organizations on a global scale.
HOW DOES GDPR AFFECT MY ORGANIZATION?
If your company processes personal data or sells goods or services to citizens in EU countries, then you will need to comply with GDPR. The GDPR not only applies to organizations located within the EU but also to organizations outside of the EU if a company offers goods or services to, monitors the behavior of, or holds personal data of EU citizens.
The rise of data breaches, not only within “Business to Business” but also within “Business to Consumer” organizations, has prompted regulatory entities to revise existing standards to tighten protection of organizations’ data and their customers’ data.
The GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, and/or analyze personal data.
IN WHAT INDUSTRIES DO DATA BREACHES TYPICALLY OCCUR?
Data breaches occur in all industries, including the Real Estate and Financial sectors.
For example, the Real Estate sector needs to address data collected by:
Landlords of their tenants
Real Estate companies of their buyers and sellers
Architects & Developers of their clients & vendors
Asset & Fund Management companies of their investors
Hotels of their guests
Car parking lots of their customers/tenants
Office/Retail/Industrial buildings of their tenants
Family Offices of their investors
Financial Services firms, such as mortgage companies, banks, REITs, and financial institutions, also need to address personal data in their:
Legacy Systems: Financial institutions will need to ensure they have the technical functionality to implement the requirements of GDPR.
Financial Services IoT Platforms: Connected devices, and the data collected through them, generate personal data that is used to predict personal preferences and behaviors and to build customer profiles so that services are tailored to customer demands and needs.
FOR MORE INFORMATION
Clarus and their Partner IT & Security teams offer comprehensive GDPR Compliance Readiness solutions to help your organization assess your current data compliance exposure, build a plan, implement the processes, and maintain and control ongoing GDPR compliance.
For a full description of the EU GDPR regulations, see www.eugdpr.org.