EU GDPR MEANS BUSINESS
With 25th May just around the corner, the countdown to GDPR is getting shorter by the day. GDPR standardizes all aspects of personal data collection, privacy and use: if you operate in the EU or do business with a member state, it applies to you. GDPR requires organizations to be accountable for all personal information on their networks. They must know:
- What personal data they have
- Who is using it
- Where it is saved
- How it is secured
- How it is transferred internally, within the EU or abroad
- Its relevancy
- How to delete it
Who is who
- Data Subject, the person to whom the personal data belongs
- Data Controller, the person or organization legally accountable for everything related to personal data and its processing
- Data Processor, the person who handles personal data on the controller's behalf
- Data Protection Officer, the person monitoring compliance with GDPR and the point of contact for the Supervisory Authority
- Supervisory Authority (SA), the member state's representative responsible for all aspects of GDPR legislation in that state
GDPR basics
Right to be forgotten and erasure
Personal data can be removed, erased or restricted if it is inaccurate, no longer required or pending verification.
Right to data portability
As owners of their personal data, data subjects can permit more than one organization to collect and process it.
Data protection by design and by default
Data controllers are required to create a protective environment for the collection, handling and storage of personal data. This includes defining access permissions, passwords and data encryption.
Notifying the SA
Data controllers must notify the SA of any data breach that is likely to put the rights and freedoms of individuals at risk within 72 hours of discovering the breach.
Communicating a personal data breach to data subjects
Data controllers must immediately report all breaches of unencrypted personal data to its owners. The report must contain a full description of the incident and of how it is being handled.
What happens if you fail to comply?
Fines for failing to keep personal data organized can reach 2% of an organization's annual turnover, while failing to report data leakage may stretch to a colossal €20M or 4% of last year's total annual global turnover. If unprotected, unencrypted personal data does leak, data subjects are eligible for compensation.