At this point you might be aware, GDPR – the General Data Protection Regulation for all individuals within the European Union takes effect on 25 May 2018.In this post,we take look at some important points you should know about GDPR.
Quick Snapshot
GDPR stands for General Data Protection Regulation, and refers to the European Union regulation for data protection for all individuals within the European Union.The regulation (Regulation (EU) 2016/679) becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC) from 1995.
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not) are affected by GDPR. GDPR rules also applies if the individual or organisation themselves is located in an EU member state.
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects.
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.
Both controllers and processors (clouds etc.,) are within GDPR enforcement.A controller is the entity/organisation that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity/organisation which processes personal data on behalf of the controller.
Conditions for consent have been strengthened.Also parental consent would be required to process the personal data of children under the age of 16 for online services.
DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data. For others,DPO appointment is not mandated.
DPO appointment will be mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences.
Data breaches which may pose a risk to individuals must be notified to the DPA within 72 hours and to affected individuals without undue delay.
GDPR calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition. Article 23 calls for controllers to hold and process only the data absolutely necessary for the completion of its duties , as well as limiting the access to personal data to those needing to act out the processing.
It is important to note that the GDPR is a regulation, in contrast the the previous legislation, which is a directive.
Like this post? Don’t forget to share it!
There are few things as valuable to a business as well-designed software. Organizations today rely…
The cryptocurrency industry is being reshaped by the fusion of blockchain technology and artificial intelligence…
Introduction Artificial Intelligence (AI) has also found its relevance in graphic design and is quickly…
Imagine a world where the brilliance of Artificial Intelligence (AI) meets the unbreakable security of…
In today’s fast-paced digital landscape, automation is not just a luxury but a necessity for…
The world of casino gaming has leveraged the emerging technology advancements to create immersive and…
This website uses cookies.