In May 2018 the General Data Protection Regulation, the EU’s response to the demand for data privacy, will become effective. It brings various important changes compared to the current privacy legislation. Are you ready to face them?
THE GENERAL DATA PROTECTION REGULATION IS COMING.
WHAT SHOULD YOU DO TO GET TO KNOW THE NEW EUROPEAN REGULATION, PREPARE AND TAKE ADVANTAGE OF THE OPPORTUNITIES?
WHAT IS THE NEW EUROPEAN REGULATION ON THE PROTECTION OF PERSONAL DATA?
HERE IS WHAT IS NEW:
Only the minimum data required to use a service should be collected. Companies will have to review their data collection practices to adapt.
Companies will be obliged to report data breaches; in case of non-compliance, they may be fined up to 4% of the company's total turnover.
Companies will be obliged to have a DPO (Data Protection Officer).
Users must be informed of their rights and companies must ensure that users are able to exercise them. This change of paradigm, the fact that all people in the EU are the owners of their personal data and therefore the information collected is simply "on loan", will affect all the workflows connected to the data.
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is the new European data protection law. Among the main changes compared to the current European directive, the GDPR gives individuals greater control over their personal data, and provides several new obligations for organizations that store, manage or analyze personal data.
One of the origins of this regulation was the interest in bringing technological developments into European regulation. In addition to reinforcing data security, companies will need to use the necessary means to track data in order to identify potential violations, to ensure compliance with retention periods and to allow the data to be deleted. Secondly, companies will have to ensure the level of protection from the design stage (privacy by design) of new tools and applications that process personal data.
Companies must implement new reporting processes for customers (communication of the data collected and processed), supervisory authorities (communication of data breaches, records of processing) and executives (impact assessment results, annual verification report on the data protection framework).
From now until 2018, companies will have to review their methods for collecting personal data. The introduction of explicit consent, the limitation of processing and the right to be forgotten require data managers to clarify the type of data necessary for carrying out their activities and to continuously respond to customer requests, including requests to transfer information to competitors (data portability). Therefore, auditing and improving existing processes becomes indispensable.