What is GDPR?
The more nodes there are in a network, the more opportunities there are for data leaks. To cut down on those nodes, the Data Protection Directive of 1995 was replaced by the GDPR, which is confined to EU countries.
GDPR applies to ‘personal data’: any information that relates to someone who can be identified. As privacy is a fundamental right of the person, the same applies to the individual’s data.
The EU has now passed the GDPR, under which any data relating to an EU citizen, whether inside or outside the EU, must be handled as the GDPR instructs.
The General Data Protection Regulation (GDPR) is a newly introduced regulation in EU law on data protection and privacy for all individuals within the European Union. It also covers the export of personal data outside the EU, which must be done in the way the GDPR instructs.
The GDPR is basically meant to give residents and citizens back power over their personal data and to clarify the administrative conditions for global business by unifying the regulation within the EU.
The Countdown Has Begun
When the GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC). The GDPR was adopted on 27 April 2016 and becomes enforceable from 25 May 2018, after a two-year grace period.
GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents. This EU regulation will apply to organizations across the world.
With the demise of Safe Harbor, U.S. organizations that transfer and manage the personal data of European residents are also bound to comply with the requirements now put forward.
If your organization experiences a data breach, then under the new EU compliance model the following may apply, depending on the severity of the breach:
Your organization is obliged to notify the regional data protection authority and likely the owners of the breached data.
Non-compliance could be costly…
The GDPR harmonizes data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with them. However, this comes at the cost of a strict data protection compliance regime with strict and expensive penalties of up to 4% of worldwide turnover or €20 million, whichever is higher.
The GDPR also brings into effect a new set of “digital rights” for EU citizens in an age that appreciates the economic value of personal data in the digital economy.
Whom does GDPR apply to?
Sensitive data — genetic and biometric data
Key points of GDPR
The GDPR focuses on developing trust among customers in order to maintain its value, and on keeping simplicity and transparency at their best.
GDPR also focuses on eliminating ambiguity and keeping data as safe as possible and under the control of customers.
Customers should be informed about the way their data is being processed, and they must have a choice over which data is processed. GDPR gives customers the same freedom to access their information.
GDPR is not only customer-centric but also targets firms outside the criteria; its scope is not limited but vast.
Unlike the Directive, the governance of data under the GDPR does not depend on legislation from state governments, and it invites the complete involvement of the customer.
How to prepare for GDPR?
1- Establish a sense of seriousness that comes from top management.
2- Include all the stakeholders.
3- Conduct a risk evaluation.
4- Hire or appoint a DPO (Data Protection Officer).
5- Create a data protection strategy.
6- Implement steps to decrease the risk.
7- Set up a process for open-ended assessment.
What is “RIGHT TO BE FORGOTTEN”?
Basically, this means that an individual can ask for their data to be removed or deleted when there is no compelling reason for a business to continue processing that information. It is also termed the “RIGHT TO ERASURE.”
This right will apply in certain conditions:
1- When the data is no longer necessary or relevant
2- When the individual clearly withdraws consent to processing, or when personal data has been unlawfully processed in breach of the GDPR, and
3- When the data must be erased in order for a controller to comply with legal obligations.
What more might we have to replace?
Currently, employers are obligated to provide employees and job applicants with a privacy notice setting out certain information. Under the GDPR, employers will have to provide more detailed information.