Briefly About GDPR: Minimizing the processing of personal data and limiting the purposes of information gathering and measuring are firm requirements of the new data handling rules arriving in 2018. You can now claim a free copy of your personal data files held by other parties. You are also entitled to ask any company keeping your data to update, modify, or delete it no later than 30 days after your request. In addition, when you give consent to the handling of your personal information, the controller must inform you of these rights.
This article is a general overview of GDPR conventions, explained for both the leaders of big corporations and the users who give them identifying information.
What Does GDPR Mean?
GDPR stands for General Data Protection Regulation, which was approved on 14 April 2016. It will officially be enforced from 25 May 2018, which is why the principles of GDPR may be of great interest to various EU industries and businesses.
The document was designed to unify data confidentiality laws across all European countries, to protect people's privacy, and to offer better approaches to gathering, handling, and analyzing private data.
What Are the Effects of the New Laws?
No matter where your digital business is located, in Europe or outside it, you will be affected by the data protection conventions if you develop digital products or offer goods. The laws are to be followed by all companies that collect and process the data of individuals. Companies that don't comply with the new requirements will be slapped with a fine of €20 mln or 4% of annual turnover. You can read the latest software development rates report to be aware of all the changes GDPR will cause.
A good example of a non-European company that will be affected by the new rules is Facebook. Although it is a US network, Facebook processes bulk information about people living in European countries, and it now has to change some of its processes to meet the requirements of the new laws.
What Is Meant by Personal Data?
Personal data is anything that helps identify a person. It may be a photo, a name, medical data, an email, bank information, or even posts on social networks. As for children under 16 years of age, their personal data will be processed with parental consent.
Which Businesses Have to Contact a Data Protection Officer?
Here is a short list of activities that require business owners to contact a DPO:
- Public authorities - all branches that are legally entitled to govern public life.
- Organizations that monitor people systematically.
- Organizations that process sensitive data regularly.
If you are uncertain whether you belong to any of the groups above, read more about the tasks and roles of DPOs in the Guidelines on Data Protection Officers document, which is available on the Internet for download.
The documents on breaches state that an entity that has been breached must notify the DPA and the customers put at risk within 72 hours.
8 Core Rules of GDPR
- Information must be gathered with restrictions, fairly and legally.
- It must be relevant to the objectives of its use. Besides, it must be regularly updated and precise.
- The aims of handling data should be determined at the time it is collected, and the data must not be used for any purposes different from the intended ones.
- Personal information cannot be used for any aims different from the initial ones without the data subject's agreement.
- Sensitive data should be protected from loss, changes, or any kind of breach.
- People must be able to easily reach their data.
- All people have the right to participate in controlling information about themselves.
- Controllers are responsible for satisfying the conventions listed above.
Why Should Company Leaders Keep the Issue of Cyber Security on the Front Burner?
Cyber risks are currently growing so fast that cyber defenders fail to develop new security solutions. According to the MMC Cyber Handbook 2018, the industries that have been most affected by cyber attacks include energy (26%), healthcare (25%), retail and wholesale (25%), manufacturing (22%), infrastructure (19%), and financial institutions (17%).
Telecommunications, financial industries, and manufacturing are the three sectors that have been targeted by hackers more frequently than other industries.
One of the reasons European business leaders have to double down on GDPR is that they need 3 times longer than US companies, for example, to detect a breach. Delays in identifying breaches lead to hackers browsing the network systems of companies for valuable or specific information.
Business owners have to identify all the sensitive customer data they might hold. According to the new regulations, this may include not only names or email addresses but also metadata such as IP addresses or locations.
A major innovation concerns children's data privacy, as mentioned earlier. Now that children are so negatively affected by social media, GDPR sets a hard cap on the age at which children can sign up for social networks (13 years).
If you are dealing with large amounts of sensitive data, contact Diceus for assistance. We can provide you with the best solutions in accordance with GDPR rules.