+40 256 706 057 [email protected]

GDPR Key Changes

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. The key principles of data privacy established by the initial ‘95 regulation still hold true, but many changes have been proposed to the regulatory policies.

Personal privacy

Individuals have the right to:

$

Access and correct errors their personal data.

Individuals have the right to access their personal information, and, if needed, the right to correct possible errors in within it.
$

Object to processing of their personal data

It must be as easy as possible for an individual to withdraw consent of their personal data to be processed.
$

Erase their personal data

Under the Right to Be Forgotten policy, they are entitled to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

Controls and notifications

Organizations will need to:

$

Protect personal data using appropriate security

Privacy by design becomes part of a legal requirement with the GDPR, and calls for the inclusion of data protection from the onset of the designing of systems.
$

Notify authorities of personal data breaches

Breach notifications will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”, and must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
$

Obtain appropriate consents for processing data

Companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.
$

Keep records detailing data processing

Transparent policies

Organizations are required to:

$

Provide clear notice of data collection

Companies will have to inform individuals and ask for their explicit consent for capturing their personal data.
$

Outline processing purposes and use cases

Individuals have the right to obtain from organizations confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the organizations shall provide a copy of the personal data, free of charge, in an electronic format.
$

Define data retention and deletion policies

Organizations will need to be able to demonstrated by policy and process how they deal with withdrawal of consent and deletion of personal data.

IT and training

Organizations will need to:

$

Train privacy personnel and employees

$

Audit and update data policies

$

Employ/outsource a Data Protection Officer (DPO) (if required)

$

Create and manage compliant vendor contracts

What GDPR means for your data?

$

Stricter control on where personal data is stored and how it is used

$

Improved data policies to provide control to data subjects and ensure lawful processing

$

Better transparency, record keeping, and reporting

Focus on these four key steps to achieve GDPR compliance

1

Discover

Identify what personal data you have and where it resides.

2

Manage

Govern how personal data is used and accessed.

3

Protect

Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.

4

Report

Execute on data requests, report data breaches, and keep required documentation.

Don’t wait until it’s too late

Given how much is involved, you should not wait until the regulation takes effect in May 2018 to prepare. You need to begin reviewing your privacy and data management practices now. Failure to comply with the GDPR could prove costly, as companies that do not meet the requirements and obligations could face substantial fines and reputational harm.

Prepare your organization for the new GDPR

It will take effect on May 25th, 2018. Don't let time run out!

Pin It on Pinterest