The General Data Protection Regulation (GDPR) takes effect on May 25, 2018 and supersedes the current data protection directive and law in force. Below are its main ideas as well as the full rules.
Information to data subjects
The regulation requires organizations to inform data subjects about the legal basis for the processing of data, the storage period and the transfer of data. All privacy policies and texts providing information to data subjects must be reviewed.
Exercise of data subjects’ rights
The regulation requires that data subjects be able to exercise their rights. Requests to exercise these rights must therefore be monitored and documented, covering the maximum response time, the right to data portability, data deletion, and third-party notification of any rectification, deletion or limitation of processing requested by the data subjects.
Data subject consent
The regulation requires organizations to verify the circumstances in which the data subjects' consent was obtained when consent is the legal basis for the processing of personal data. There are a number of requirements for obtaining such consent, and failure to comply with them means that further consent must be obtained.
Nature of Data
The regulation defines the concept of sensitive data, which is subject to specific conditions for its processing, namely as regards rights and automated decisions. Biometric data is one example of sensitive data. Depending on the size and context of this specific data processing, it may be mandatory to appoint a Data Protection Officer. If it is not in the company's interest to hire or appoint this new role, our Data Protection team also makes this service available as part of our solution.
Documentation and registration
The regulation requires a documented record to be kept of all personal data processing activities. Organizations are required to demonstrate compliance with all requirements arising from the application of the Regulation.
The regulation requires the subcontractor to ensure that it holds all authorizations from the data controllers. Subcontracting contracts will need to be reviewed to include a broad set of information that protects data subjects' information, which is often handled by several entities without their knowledge.
Data Protection Officer (DPO)
The regulation introduces the role of the Data Protection Officer, who oversees the security processes that ensure the company's day-to-day data protection. Although a Data Protection Officer is not compulsory for all companies, having one, or an external service that guarantees this function, can add much value to the compliance process.
Security Processes and Data Processing
The regulation requires close control of the risk associated with the possible theft of information. This risk control should be achieved through effective security measures that ensure data confidentiality and integrity and that prevent accidental or unlawful destruction, loss or alteration of data, as well as unauthorized disclosure of or access to it.
Data protection from conception
The Regulation stresses the need to evaluate future data processing projects early and rigorously in order to assess their impact on data protection and to take appropriate measures to mitigate these risks.
Notification of Security Breaches
The regulation requires that any security breach that results in a risk to the rights of data subjects be reported to the supervisory authority as well as to the data subjects.