GDPR Compliance in U.S. Industries
Updated: May 22, 2019
By Licia Wolf
In our previous blog, the General Data Protection Regulation (GDPR) was discussed regarding its effects on technology security trends for 2018. This regulation is intended to strengthen and unify data protection for all individuals within the European Union (EU), and extends to the export of personal data outside the EU.
The GDPR aims primarily to provide more control by citizens and residents over their personal data. It also simplifies the regulatory environment for international business by unifying the regulation within the EU. The regulation sets ambitious standards for how personal data is processed, stored, and secured.
This new regulation covers:
Responsibility and accountability
Lawful basis for processing
Consent
Data protection officer
Pseudonymization*
Right of access
Right of erasure
Data protection by design and by default
Records of processing activities
*Pseudonymization is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. It transforms personal data so that the resulting data cannot be attributed to a specific person without the use of additional information.
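As an added illustration of the pseudonymization just described (example code, not from the original post), the Python below replaces a record's identifying fields with keyed HMAC pseudonyms and keeps the re-identification map apart from the data set; the sample records, field names and key are constructed for the example.

```python
import hashlib
import hmac
import secrets
# Constructed sample records (hypothetical, not from the page).
RECORDS = [
    {"name": "Ana Silva", "email": "ana@example.com", "city": "Lisbon", "plan": "gold"},
    {"name": "Ana Silva", "email": "ana@example.com", "city": "Lisbon", "plan": "silver"},
    {"name": "Bo Lindqvist", "email": "bo@example.org", "city": "Malmo", "plan": "gold"},
]
# Fields that directly identify a person; all other fields stay as they are.
IDENTIFYING_FIELDS = ("name", "email")


def pseudonym(key: bytes, field: str, value: str) -> str:
    """Keyed HMAC-SHA256 pseudonym for one identifying value.

    A plain (unkeyed) hash of an e-mail address or name can be reversed by
    guessing inputs; the key prevents that and is one piece of the 'additional
    information' needed to link the pseudonym back to a person.
    """
    msg = f"{field}\x00{value.strip().lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def pseudonymize(records, key):
    """Return (pseudonymized records, re-identification map).

    The map is the other piece of 'additional information'; it must be stored
    apart from the pseudonymized data set, under its own access controls.
    """
    out, lookup = [], {}
    for rec in records:
        new = dict(rec)
        for f in IDENTIFYING_FIELDS:
            new[f] = pseudonym(key, f, rec[f])
            lookup[(f, new[f])] = rec[f]
        out.append(new)
    return out, lookup


def reidentify(rec, lookup):
    """Restore identifying fields using the separately held map."""
    return {f: lookup.get((f, v), v) for f, v in rec.items()}


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    ps, lookup = pseudonymize(RECORDS, key)
    # Same person -> same pseudonym, so per-customer analysis still works.
    assert ps[0]["email"] == ps[1]["email"] != ps[2]["email"]
    assert reidentify(ps[0], lookup) == RECORDS[0]
```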
In general, this regulation does not affect U.S. companies unless they offer goods and services to EU residents, monitor the behavior of EU residents as part of their data operations, or have employees in the EU.
Even if a U.S. company doesn't think it needs to worry about GDPR, there are industries in which companies should pay close attention to the regulation.
GDPR and HIPAA closely overlap in how each regulation manages personal data protection, but two areas of difference should be noted. HIPAA is more restrictive regarding personal health information (PHI) in an employment context; GDPR tends to be more lenient there. The other difference involves personal information that the person has made public: while GDPR allows any entity or organization to use or process such public data, HIPAA still protects it.
Due to the local nature of their business model, public utility companies are not generally impacted by GDPR. Some exceptional cases may occur in which a utility runs a service arm in the EU, or it may be processing IoT information for an EU-based company. In these particular cases, the utility company would need to be prepared for GDPR compliance.
Public transport companies that move people in and out of the EU will need to be particularly concerned about GDPR. For example, international airlines that collect passenger data such as seating and food preferences or flight frequency must take care to protect these data and follow GDPR guidelines.
Freight and Third-Party Logistics
GDPR is especially relevant for companies whose transport operations include moving freight to and from the EU. Any tracking information could be subject to the regulation. Tracking becomes more complicated if a package is shipped to the EU or is carried by an EU-based employee. Under the new guidelines, the shipper or broker must avoid releasing personal data of the freight employee or the customer. Shipping companies would have to obtain consent from their employees (such as a driver) before providing tracking information to a third party (such as the customer). Without this consent, tracking the package would be more difficult.
The introduction of GDPR brings more challenges to interaction recording and storage. HigherGround’s platform already includes several features that comply with these new regulations, such as redaction, protection of sensitive information, ability to search based on metadata (protecting the actual recorded data), full audit/logging, and encryption. We are ready to meet the challenges of GDPR. For more information on our secure, reliable, and cost-effective solutions:
About the Author - Tom Goodwin is the Vice President of Marketing at HigherGround. His background in telecommunications and data networking has been augmented with work in data analytics and automated reporting prior to joining HigherGround.
HigherGround, Inc. provides best-in-class, reliable data capture and interaction storage solutions that enable clients to easily retrieve critical information. Our interaction recording and incident reconstruction solutions transform data into actionable intelligence, allowing optimization of operations, enhanced performance, and cost reduction.