The protection of personal data is a must for any business right now. Developments such as the cloud and social media – and the enormous amounts of data that accompany them – make a new European privacy law necessary.
The GDPR is in fact the result of a revision of the European legislation of 1995, the Data Protection Directive. That legislation was adopted by each member state and interpreted in a different way, which eventually led to fragmentation and confusion.
The General Data Protection Regulation (GDPR) is a set of rules that protect the data of European citizens. On May 25, 2018, companies that collect personal data must fully comply with the new set of rules of the GDPR. Personal data is any information by which someone can be identified: a name, address, telephone number, e-mail address, photo, and many other things.
The main innovations in the GDPR revolve around four pillars:
Transparency: Companies should inform citizens, in an understandable way, about how the data is collected and processed.
Data transfer: Citizens will be able to transfer their data from one service provider to another, for example when changing telecom operator.
Right to be forgotten: Companies have to delete personal data if the person concerned requests it and there is no valid counter-argument, even if the data has already been shared with third parties.
Reporting on data breaches: Companies are required to report a data breach within 72 hours, unless they can prove that the leak poses no danger to the personal information that is collected.
To obey these rules, companies need to know exactly where they collect personal information, and how it is protected and processed. That is why certain companies are advised to have a data protection officer: a person who is responsible for the enforcement of the GDPR within the company.
Because of the GDPR, it will soon be clear to every EU citizen what kind of data companies, agencies and sites want about them. They will also gain insight into what data these organizations already have.
In our next blog you will find a few tips to help you get your business compliant with the GDPR.