Brief introduction to the General Data Protection Regulation (EU) 2016/679 of the EU Parliament
The General Data Protection Regulation (GDPR) introduces a number of changes to the current legal framework, enhancing the data protection and control requirements for companies, their customers, employees and partners. GDPR requires these companies to act legally and transparently. GDPR affects everyone, not only banks or financial institutions which deal with your data and bank account information, but any company that collects, processes, or stores data that can be identified as “personal”.
What is “Personal Data”?
Direct: name, personal number, bank account number, physical characteristics such as height, eye color.
Indirect: browser history, internet preferences and settings, location at a specific time.
Several main changes:
- Any company managing the data of a resident entity in the EU falls under GDPR, regardless of the location of the company (for example, a non-Belgian company or business in Belgium managing the data of a Belgian citizen is under GDPR).
- Personal data must be protected not only during processing and storage, but throughout the whole cycle of system planning and design, transfer and eventual erasure.
- Right of access and right to be forgotten – companies managing personal data are required to provide all the information about the data subject upon request and to “forget” the subject, meaning the information is no longer available for processing, marketing or other purposes and the subject cannot be linked to it any further.
- Designation of a Data Protection Officer in the cases explicitly indicated by the Regulation, and maintenance of a register of the data processing activities for which he is responsible.
- Sanctions for non-compliance may be property sanctions or fines of up to €20 million or 4% of annual turnover.
To deal with the new legal framework, companies need to carefully plan and describe how they collect, process and store personal data, and to review their existing systems and procedures that work with such information. Global Consulting's experts can help you in this process, as can our seminar on the topic.
How to prepare for GDPR in 6 easy steps:
Inform – Start with your employees. Explain to everyone what GDPR is and how it will affect business and work.
Document – Review and describe all sources of information, their types, and who has access to it.
Check – Inspect your procedures and make sure they follow the new data protection rules.
Plan – Build a long-term implementation plan for the organization and make it available to all employees of the organization (GDPR handbook).
Enable – Work with systems that comply with and facilitate the implementation of the new regulation, and that easily recognize sensitive data and encrypt it if necessary.
Talk to users – Explain the changes to them and update your privacy agreement to comply with the new regulations (according to the GDPR, the privacy agreement needs to be clearly stated, without excessive complexity or unnecessary legal terms).
Global Consulting can help with analyzing and drafting an action plan, implementation services, and offering the appropriate solutions and products to meet the requirements of the new regulation.