
European consumers don’t trust companies with their private data; they don’t think companies protect it as much as they should. This mistrust can be attributed to the growth of hacking activities (data theft, etc.), to a lack of precaution from companies, and to a lack of regulation.
To protect private data in such an environment, data protection laws had to be reinforced. This resulted in the introduction of the “General Data Protection Regulation”, or GDPR.
It also represents an opportunity to increase consumer confidence and an opportunity for growth: the new rule standardizes data processing throughout the European Union and enables more transparency, which can increase confidence in the digital world.
General Data Protection Regulation (GDPR)
The new law, called GDPR, will come into force in May 2018. This timeline gives you time to prepare.
What is the scope of the GDPR?
The General Data Protection Regulation (GDPR) imposes new rules on organizations doing business with or within the European Union (EU), and thus collecting personal data of European people.
It involves not only goods & services companies but also foundations, administrations, local authorities and trade unions.
Its purpose is to provide clear and consistent information in order to protect private data – be it the data of employees, customers, partners or even leads.
What are the key changes with the introduction of this new law?
Personal privacy: individuals have the right to access their personal data, correct errors in their personal data, erase their personal data, and export personal data.
Controls and notifications: strict security requirements, breach notification obligation, appropriate consents for data processing, confidentiality, recordkeeping.
Transparent policies: notification of data collection, notification of data processing, data retention, data deletion.
IT and training: need to invest in employee training, data policies, processors / vendors contracts, and a data protection officer.
One of the key rules is that the company has to constantly check that data is secured against the risk of theft, loss or disclosure. It also needs to inform the authorities and the persons concerned of any security breach. This means that the company must know where the data is stored at all times and be able to prevent any potential attacks.
These requirements also come with penalties – these could amount to 4% of the annual revenue or 20 million euros.

Do you wish to be informed about your options to comply with this new law? Contact us ASAP for a security assessment.