Anyone processing personal information must comply with GDPR. Data controllers are those who determine how and why personal data is handled; data processors are companies that handle personal data on behalf of the data controller.
The law stipulates that everything businesses do must consider privacy by design, and that breaches must be reported after 72 hours. Non-compliance could also mean sanctions of up to 4% of annual revenue.
What is GDPR?
The GDPR is new EU legislation on data protection that, now that it is in force, gives users more control over the data companies collect about them. The regulation also raises the fines for violations.
It defines "personal data" as any information that identifies a natural person, such as a name, email address, IP address or telephone number. It also includes information related to an individual's genetic and biometric features. The new law requires companies to obtain explicit consent from people before using their personal data and to define the conditions of this agreement in plain language. It also permits individuals to withdraw their consent at any time. If they do so, the organization must remove all of that person's data from its systems. This is also called "the right to be forgotten."
The GDPR applies to firms and companies within the EU, as well as to organizations outside the EU that offer goods or services to, monitor the behaviour of, or process personal data of people who reside in the European Union. The GDPR places the burden of compliance on both data controllers and data processors.
Processors are required to enter into agreements with data controllers that define their duties and outline how they intend to comply with the GDPR's strict rules on secure processing, reporting and breach notification. These companies must also educate their personnel in the new law.
The most important aspect of GDPR is that companies monitor their use of personal information. Data subjects can then check whether their data is being used improperly or whether a breach has occurred. This safeguards consumer trust and also helps prevent the misuse of data.
GDPR defines principles that include transparency, fairness and limitation of use. These include "lawfulness, fairness and proportionality", meaning that the motive for collecting and storing personal data must be logical and justifiable. You must limit the amount of data you keep and store it only for as long as necessary.
What will the GDPR mean for my company?
It applies to any organisation that collects personal data about EU citizens, even organisations based outside the EU. This also includes companies that do business with EU citizens. It is a law that seeks to increase data privacy and requires companies to provide additional details about what personal information they collect, how it is used and how it is safeguarded. Penalties can reach 20 million euro or four percent of global revenue if businesses do not comply.
Companies must adopt an integrated approach to GDPR and take every aspect of its impact into consideration. To do this, it is essential for businesses to involve all the relevant parties, not only IT. Creating a GDPR task force with representatives from Marketing, Operations, Finance and Sales is a good way to ensure that every department is aware of the changes that could affect your business.
Once the team has gathered information about the organisation's risk profile, it is time to determine what mitigation measures are needed. This could be as simple as implementing encryption or updating current guidelines for protecting data. It may also include setting up new processes to manage data, providing training so employees understand the GDPR's requirements, or establishing an organizational structure that allows greater transparency and accountability.
Businesses must also communicate clearly with customers about the changes in regulation. Doing so makes it much easier to meet the requirements of the new rules. The notice must be concise, accessible and easy to read and understand. It should use plain language, not technical language.
Preparing for GDPR is crucial for every business that processes or makes use of data about EU citizens. Companies can avoid costly penalties by taking proactive steps to ensure they comply with GDPR.
What can I do to prepare myself for the GDPR?
Begin by examining how you gather, process and store data. The GDPR requires companies to be more transparent and specific when describing how personal data is collected, stored and used. This may require a full review of current practices, procedures and systems.
Additionally, new rules should be implemented to ensure that data is collected only for the stated purpose and not used for any other purpose. This can reduce the amount of information you store and manage and can help you avoid fines under GDPR.
As an example, under GDPR, if your company collects information for marketing, your consent forms must be precise, concise and clear (not hidden inside legal notices), easy to withdraw from and distinct from any other terms and conditions. A pre-ticked box or treating non-consent as consent may no longer be sufficient, so a simple opt-out must be made available.
Similarly, your privacy notices have to be updated with your legal grounds for collecting data and any other information required by the GDPR, including retention periods and the option to make a complaint to the ICO. It is also recommended to review contracts with any third-party companies processing personal data on your behalf for GDPR compliance.
Consider also how your business will protect people's rights, such as the right to access their details, the right to amend or correct information, the right to restrict processing, the right to reject automated decisions (including profiling) and the right to be forgotten. It is crucial to identify who will be responsible for these tasks before putting the proper systems in place.
A checklist is a great tool to help in preparing for GDPR. Get our GDPR Compliance 10-Step Checklist for more specific information on the steps you need to take. It covers all aspects of GDPR preparation, from the way your organization gathers personal information to how it communicates with customers about it and how the data is processed securely. Whether you are in the EU or not, it is essential to ensure that your company is GDPR-compliant.
How can I stay compliant in accordance with GDPR?
Regularly check your GDPR compliance. Make sure a system is in place so that data subjects can exercise their new rights. These include the right of access, the right of rectification and the right of erasure (the "right to be forgotten"). Ensure that all procedures are transparent and well documented. It is important that staff members receive initial training and refresher courses so that they stay current with your guidelines.
You should consider adding a section to your privacy policy that clarifies how you will handle requests from individuals exercising their rights, which could include an authorization process. This will help you avoid potential fines for failing to adhere to GDPR's requirements. It is also beneficial to have someone in the company who is responsible for compliance. This could be an internal or external professional with knowledge of GDPR who can be contacted by anyone within your organization.
Check that the companies that process and store the personal information you provide to them are GDPR-compliant. This is important because GDPR makes both your business and the processing partner responsible for any breach of the law or non-compliance, so you need to make sure they are taking exactly the same precautions as you are to protect personal information.
Document your personal data: in particular, where it comes from, who has access to it, and how you reduce the risk. This will enable you to prove GDPR conformity to a supervisory authority if asked.
Prepare yourself to deal with any issues that may arise, and be ready to respond immediately to avoid fines or reputational damage. Some companies are contemplating adding clauses to employment agreements that require employees to adhere to all GDPR policies. Certain companies are adding incentives and penalties to encourage compliance, including withholding rewards or other benefits from employees who do not follow the rules. A survey by Veritas Technology showed that more than half of respondents were likely to incorporate GDPR requirements into employees' contracts of employment.