General Data Protection Regulation 2016/679
The New European Regulation GDPR 2016/679 was adopted by the European Parliament on 16 April 2016. From 25 May 2018, it will be implemented as legislation of direct application by all member states of the European Union. The Regulation regulates the rights of natural persons regarding:
- their personal data,
- the processing of their personal data,
- the free and unimpeded movement and transfer of their personal data within the borders of the European Union,
- procedures for the transfer of personal data outside the European Union.
The new European Regulation GDPR 679/2016 replaces Directive 95/46 / EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Other critical points that affect the reputation and liquidity of the company are:
- the obligation to inform the Authorities and customers within a certain period of time,
- the publication of personal data leakage incidents,
- indemnities to Data Subjects who have suffered damage.
Some of the key steps you can take to comply with the GDPR are:
- Determining where they exist and where the personal data held by your business – organization are located.
- Create policies that clearly describe how and why your business collects and processes personal data.
- Set up a risk management plan to protect your data.
- Compliance with the standards of the regulation on transparency, accountability and record keeping.
- Making data requests and maintaining the required documentation.
The range of requirements for companies and organizations that collect or process personal data is wide, with the six key principles set out below:
- Transparency, objectivity and legality in the handling and use of personal data.
- Restriction of the processing of personal data for specified, express and lawful purposes.
- Collection and storage of the minimum possible volume of personal data required for a purpose.
- Ensure the accuracy of the data, including the ability to delete and edit them.
- Limit the storage period of personal data.
- Ensuring the security, integrity and confidentiality of personal data.
The GDPR regulation is mandatory for all organizations that process personal data and are established in the EU. (regardless of where the processing takes place), as well as for organizations located outside the EU. and process data of citizens residing within it. Any non-compliance with the regulation leads to the imposition of fines. The fines for serious violations will reach up to 20 million euros or 4% of the annual turnover of a company – organization, whichever is higher. The GDPR also gives consumers (and organizations acting on their behalf) the opportunity to take civil action against organizations that violate the GDPR.