With the introduction of the new General Data Protection Regulation, many businesses and organizations are wondering what effect it will have on them. The regulation will come into effect on the 25th of May 2018, with the aim of giving EU citizens more control over their data and making companies more thoughtful about data and its protection. It will make sure that citizens know what data they are giving, and how it will be shared.
What businesses does it apply to?
The GDPR will apply to all companies that process the personal data of European Union citizens. Therefore, any company that handles or processes the personal information of an EU citizen, wherever it is based, will have to comply with the regulation, effectively making it a global data protection law.
What changes will be made from the previous regulation?
The updated law will bring new types of personal data under regulation. It states that any piece of data that can be used to identify an individual is personal data.
As a result, companies will need to have a lawful agreement for using personal information. This will be very challenging for companies, as they will need to be clear and honest about how they will use the collected data. Also, silence or inactivity from the citizen can no longer be accepted as consent. Therefore, without personal consent, companies will be in breach of the regulation.
What are the benefits of this?
The main benefit of the GDPR is the protection and control it will provide over EU citizens' personal data. Another benefit is that people will have the right to be forgotten. The new law will state that companies are not allowed to hold data for any longer than is needed. The law also states that the use of the data cannot be changed from its original purpose without consent. If companies want to change the purpose for which the data will be used, they have to get new consent from the data subject. Any data collected must also be deleted if the data subject requests it.
A quicker and more effective way to resolve breaches:
Unlike the previous regulation, under which resolving a breach could have taken up to 3 months, the new regulation will require organizations to notify the DPA (data protection authority) within 3 days of noticing a data breach. In order to be able to detect a data breach and respond to it, companies must make internal changes to their security policies. The regulation will also need to be promoted within the company to make sure that employees understand it and can recognize breaches.
How will companies' data handling and processing be monitored?
Companies that process personal data will have to appoint a Data Protection Officer. The DPO will be in charge of monitoring how the company’s data is being handled and processed. This is to make sure that the company is following the law.
Another requirement for complying with the regulation is that companies carry out a risk assessment before carrying out work. This involves working with the DPO to ensure they are following the law. These risk assessments should be done in areas where the risk of privacy breaches is high, in order to minimize the risks to people's data.