GDPR

European consumers don’t trust companies with their private data. They don’t think companies protect it as much as they should. This mistrust can be attributed to the growth of hacking activities (data theft, etc.), to a lack of precaution on the part of companies, and to a lack of regulation.

To protect private data in such an environment, the data protection laws had to be reinforced. This led to the introduction of the “General Data Protection Regulation”, or GDPR.

It is also an opportunity to increase consumer confidence and an opportunity for growth: the new rule standardizes data processing throughout the European Union and enables more transparency, which can increase confidence in the digital world.

General Data Protection Regulation (GDPR)

The new law, called GDPR, will come into force in May 2018. This timeline gives you time to prepare.

What is the scope of the GDPR?

The General Data Protection Regulation (GDPR) imposes new rules on organizations doing business with or within the European Union (EU), and thus obtaining personal data of European people.

It applies not only to goods and services companies but also to foundations, administrations, local authorities and trade unions.

Its purpose is to provide clear and consistent information in order to protect private data – be it the data of employees, customers, partners or even leads.

What are the key changes with the introduction of this new law?

Personal privacy

Individuals have the right to:

Access their personal data

Correct errors in their personal data

Erase their personal data

Export personal data

Controls and notifications

Strict security requirements

Breach notification obligation

Appropriate consents for data processing

Confidentiality

Recordkeeping

Transparent policies

Notification of data collection

Notification of data processing

Data retention

Data deletion

IT and training

Need to invest in:

Employee training

Data policies

Processor / vendor contracts

Data protection officer

One of the key rules is that the company has to constantly check that data is secured against the risk of theft, loss or disclosure. It also needs to inform the authorities and the persons concerned of any security breach. This means that the company must know where the data is stored at all times and be able to prevent any potential attacks.

These requirements also come with penalties, which could amount to 4% of the annual revenue or 20 million euros.


Do you wish to be informed about your options to comply with this new law? Contact us ASAP for a security assessment.
