Adieu, Big Brother. Here are the new privacy rules:
The new General Data Protection Regulation (GDPR) answers all of these questions.
As the new regulation will affect all organizations that handle personal data, we need to ask ourselves why this regulation is so important and how companies can get properly prepared for it. It will be key to prepare sufficiently since GDPR introduces high sanctions for non-compliance, including revenue based fines of up to 4% of annual worldwide turnover or €20 million in cash, whichever is higher.
Which substantial changes are coming our way?
Keep a detailed record of all processing activities
Companies will have to keep records of personal data processing (under article 30, GDPR). Such records state what types of data are recorded, with whom this is shared and which safety precautions have been taken to protect this data.Accountability and transparency are key
GDPR requires companies to demonstrate more transparency and to respect the increased rights of data subjects such as the right to be forgotten, the right to data portability, the right to rectify, the right to object and the right to restriction of processing.
Consequently, policies, contracts and supply chains will need to be reviewed and realigned as much as possible, in order to be in accordance with the GDPR before it comes into effect.
Data Protection Officers
The GDPR obliges private companies whose core activities consist of processing operations that require regular, large-scale and systematic monitoring of data subjects to appoint a ‘Data Protection Officer (DPO)’.Article 39(1)(b) of the GDPR entrusts DPOs, among other duties, with the duty to monitor compliance with the GDPR. Recital 97 further specifies that the DPO ‘should assist the controller or the processor to monitor internal compliance with this Regulation.
If you process data on a small scale, it is still key that HR, IT, Risk and Legal are well aware of the new regulation in order to secure the internal data flows and data processing activities so that they follow the GDPR requirements.
Data breach notification
One of the most significant changes that is introduced by GDPR is the requirement to notify data breaches to supervisory authorities and the affected individual no later than 72 hours after discovering it.Compliance must be demonstrated, let's embrace it!
As with so much of GDPR, being able to demonstrate that the appropriate measures were undertaken will be key. That’s why GDPR compliance can be considered an ongoing process that will require the support of a multidisciplinary team (in-house or via consultancy).
Your Privacy
Strictly Necessary Cookies
Performance Cookies
Targeting Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Please be informed that Hubspot, in its capacity of service provider, collects your data on an anonymized basis. If you however submit a form via Hubspot, you acknowledge and agree that your personal data will be used for marketing purposes.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Please be informed that Hubspot, in its capacity of service provider, collects your data on an anonymized basis. If you however submit a form via Hubspot, you acknowledge and agree that your personal data will be used for marketing purposes.