Attention! Changes in Data Protection Regulation
If you haven’t heard about it yet or have simply forgotten: in 2018 the General Data Protection Regulation (GDPR) comes into force in the EU.
Should you care? Hell yeah!
The GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens. The fines for ignoring the law will be up to 4% of corporate revenue or €20M! Massive!
Baaam… here is what you should know on a basic level:
1. GDPR widens the definition of personal data!
Almost all personal data will fall under the GDPR, making it almost impossible for organizations to avoid having to comply with its requirements.
2. Tightens the rules for acquiring consent to use personal information.
Besides updating your opt-in, you will have to re-validate existing clients under the new opt-in required by the regulation. A request for consent to collect personal data has to be written in simple language and must clearly state the ways the information will be used. Another key aspect is that silence or inactivity on the person’s part no longer constitutes consent.
3. A DPO will be mandatory for certain organizations
Appointing a data protection officer (DPO) will be mandatory for public authorities processing personal information when their “core activities” require “regular and systematic monitoring of data subjects on a large scale” or consist of “processing on a large scale of special categories of data”.
4. The GDPR introduces mandatory PIAs
The GDPR requires data controllers to conduct PIAs (privacy impact assessments) where the risk of a privacy breach is high, in order to minimize risks to data subjects. Furthermore, a PIA will have to be done every time before any project involving personal information begins.
5. The GDPR introduces a common data breach notification requirement
Every data breach will have to be reported to the local data protection authority within 72 hours of its discovery.
6. The GDPR introduces the right to be forgotten
In short: at the user’s request, all data collected about them has to be deleted. In addition, if the purpose of the data use changes, the company will have to ask the same user for consent once more.
7. The GDPR expands liability beyond data controllers
Now not only data controllers but all organizations that touch personal data are considered liable for errors in data processing activities.
8. The GDPR requires privacy by design
The GDPR requires that privacy be built into systems, software and processes by design.
9. The GDPR is a one-stop shop
This allows any European data protection authority to take action against organizations, regardless of where in the world the company is based. Even Ireland.
Luckily, you still have time to make these changes before the regulation kicks in. So do not sleep, start working. Otherwise a €20M fine or 4% of your profits will be donated to the funds of the EU.
P.S. If you have doubts and need help meeting these regulations, contact us. We will help you!