General Data Protection Regulation: what, when, why?
What is the GDPR compliance?
The General Data Protection Regulation is a new regulation that aims to strengthen and unify data protection for EU citizens, and also addresses the export of personal data outside the countries of the European Union. The primary objective of the GDPR is to return control to European citizens over their personal data, and second, to simplify the regulatory environment for international business by unifying regulation within the European Union.
When will the General Data Protection Regulation come into effect?
The GDPR goes into effect May 25, 2018 in the countries in European Union, although the overwhelming majority of IT professionals know the regulation of protection of date, only half of them are preparing for their arrival, the non-compliance could cost companies dearly, so every company in europe needs to know everything about the GDPR.
What kind of companies will the GDPR affect?
All companies that process or store personal information about any citizen of the European Union within the countries of the European community must comply with the General Data Protection Regulation, including those that do not have a physical presence within the European Union.
The companies that must comply with the GDPR are:
- Commercial presence in a state of the EU.
- Process personal data of European citizens, without having a presence in the EU.
- More than 250 employees
- Less than 250 employees, but their processing of data with the rights and freedoms of the interested parties, is not occasional, or includes certain types of confidential personal data. That effectively means almost all companies.
A PwC survey showed that 92% of companies in the United States considered General Data Protection Regulation to be the top priority for data protection.
Why is the General Data Protection Regulation important?
The GDPR is very important because the digitalization of business processes makes companies have the personal information of their customers every day more exposed and vulnerable to actions for which they have not been authorized.
Personal information is extremely important for the privacy of people, as well as data have become one of the most important assets of companies, and that is why is very important the regulation to oblige and guarantees that companies make a legal and transparent use of our information.
It also changes the way that individuals had to interact with companies in terms of their personal data, giving prominence to the rights that citizens have over their personal information.
What types of privacy data will the GDPR protect?
- Basic identity information: email, name, address, phone number and ID numbers
- Digital data identification: location GPS, cookie data, IP address, and RFID tags
- Genetic data about health
- Ethnic and racial data
- Biometric personal data
- Sexual preference and orientation
- Political opinions
- Also, any data that permits to identificate a specific person.
What should my company do to comply with the GDPR?
One of the most important aspects for compliance with the gdpr is the technological adequacy for data processing with the necessary aspects:
- The encryption (anonymized) of the information.
- The safekeeping of data in secure environments.
- The trazabilidad and the absolute control of the accesses to the data.
- The right to oblivion.
- The right to portability.
Cloud Worldwide Services has valuable solutions – Recordia and eComFax – for companies to comply with the General Data Protection Regulation and thus avoid fines that could reach 20 million euros.