Decipher the GDPR’s complex language using Microsoft and Tech Data’s jargon-busting guide to ensure your business stays on the right side of the new law.
3. The data controller is the person,
enterprise, or public body who collects
and then decides how any personal
data from a client or customer will be
processed and for what reason.
4. From companies, charities, and Government
departments to individuals including sole
traders, MPs and GPs – all are ‘controllers’ of
the personal data they receive. For instance,
when someone opens a new bank account,
the bank collects the client’s personal data,
becoming the ‘controller’ of the data.
6. The data processor is
the person, enterprise, or
public body that receives
the personal data from the
controller and is charged
with processing it for them.
7. Let’s go back to that bank ‘controller’. After
collecting the personal data from the new
customer, the bank sends it onto a third party –
say, a data centre – to be catalogued and stored. In
other words, the third-party processes the data on
behalf of the bank, becoming the ‘data processor’.
Ultimately, both the controller and the processor are
now responsible for the customer’s personal data.
9. For instance, an
accountancy firm is:
The Data Controller –
Because it collects personal
data from the client.
The Data Processor –
Because it typically processes the data
in-house to provide its accountancy services,
i.e. personal tax returns, audits, etc.
10. That all said, what qualifies as
personal data in the first place?
12. In a nutshell, personal data is any
personal information relating to an
identified or identifiable person.
This includes the obvious (full
name, gender and home address),
to the more obscure (cookies, IP
addresses, fingerprints) and more.
13. For the information to
qualify as personal data,
imagine a list of first
names drawn up by your
company to find out, say,
the most common first
names of the people who
buy your products.
14. By themselves, the
names are anonymous.
But add surnames
and job titles and this
increases the likelihood of
identification, meaning all
the data is now personal
data so must adhere to
GDPR regulations.
17. GDPR covers every
conceivable process you
can imagine (and more).
From adapting or altering
personal data to combining
or disclosing it. This includes
storing data to destroying any
personal data. The processor
(and in turn the collector) will
be subject to the rules – and
penalties – of GDPR.
19. If that all sounds like a minefield to
negotiate, you can protect yourself
using pseudonymisation. This is
data that’s secured in a format
not directly identify an individual.
To ‘unlock’ it, separate additional
information must be introduced.
21. They have a Mr Bill Gates
on their database with all
his personal data details. To
pseudonymise, you would
instead list him as ‘User
XYZ12345’.
22. To identify Mr Bill Gates and
his personal data, a separately
stored mapping table is applied
to ‘map’ the real name to the
User ID. That’s the basics of
pseudonymisation.
23. What this regulatory
jargon – and the GDPR’s
overall aim – represents
is simple. It’s not about
introducing ‘threat’ to your
customer’s enterprise.
It’s an opportunity for
enterprises to build trust
with wary consumers
whose personal data
has previously been up
for grabs to the highest
bidder, or simply abused.
24. And trust is good for business; nearly
50% of consumers would be comfortable
sharing personal data with internet
services if privacy was guaranteed.
50%
25. For Microsoft and Tech Data, trust
is integral to our GDPR commitment
– whether you choose to secure
your customer’s systems using
Azure, Dynamics, EM+S, Office
365, or Windows 10. Microsoft’s
technology suite represents more
than just an out-the-box product.
They consider it our mission to
support on your customer’s journey
to complete GDPR compliance.
26. So while the GDPR may seem to loom
large like a dark cloud, its silver lining could
eventually eclipse it, enabling you to boost your
sales and protect your customer’s reputation.
27. Takeaways
Strip away the scaremongering
surrounding the GDPR and
uncover what changes need
to be made to ensure your
customer’s enterprise is ready
for the switchover.
Start preparing your
customers for that change
now, not later – if you
need help drawing up your
transition strategy, bring in
a third-party consultant.
View the new regulation
as an opportunity to
build consumer trust,
not as a threat to your
bottom line.
28. Visit the Tech Data hub to see
how Microsoft technology drives
our mission to secure the best
privacy, security, compliance,
and transparency for our
partners and their customers.
VISIT NOW