General Data Protection Regulation

Is your business prepared for GDPR?

One of the major issues when it comes to managing and protecting data is complying with all the legal regulations that affect your organization. The new European General Data Protection Regulation enters into force in May 2018. It applies to all companies in the world that collect sensitive data about European customers or employees.

[Infographic: GDPR – General Data Protection Regulation]

Changes introduced by GDPR

  • Right to Secure Data and Privacy
  • Implementation of risk mitigation strategies and privacy by design
  • New individual rights to delete or change the data
  • Implementation of the correct procedures and processes
  • Mandatory and regular tests, assessments and evaluation of technical and organizational security measures

Platform as a Service – Benefits

Comarch’s services will be adjusted to the GDPR requirements when they become official law on May 25th, 2018. Additionally, we are committed to offering a wide range of services and resources to our customers to help them understand and implement the GDPR regulations that will affect their organization.

GDPR is preparing Europe for the digital revolution. Choosing the right partner is key to the success of your business. As a software company and provider of IT services, we are prepared to support our customers’ GDPR compliance programs. We are ready to answer any questions and address any of your concerns regarding personal data protection and preparing for GDPR. Contact us now and we will help you go through this process painlessly.

Frequently Asked Questions

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a new European privacy law that harmonizes data protection rules across the European Union by applying a single, unified data protection law in every EU Member State.

2. When is the GDPR coming into effect?

The GDPR was approved by the European Union Parliament in April 2016. It will come into effect after a two-year transition period – that is May 25th, 2018.

3. What types of data are considered to be personal data?

Any information related to a natural person or “data subject”, which can be used to identify that person or subject either directly or indirectly. This information includes names, photographs, email addresses, bank details, passwords, correspondence, posts/comments on social media platforms, medical information, and computer IP addresses.

4. To whom do the GDPR regulations apply?

The GDPR applies to all organizations established in the EU, and to those (regardless of their geographical location) that process the personal data of EU citizens. It covers organizations offering goods or services to data subjects in the EU, and monitoring of behaviour taking place on EU territory.

5. Are current EU data protection laws going to be replaced by the GDPR?

The GDPR will completely replace the EU Data Protection Directive, also known as Directive 95/46/EC. From May 25, 2018 the existing DPD, along with all the laws relating to it, will no longer apply.

6. What changes are going to be introduced in organizations along with the GDPR?

One of the key aspects of the GDPR is that it creates consistency across EU Member States on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with the GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.

7. What happens if my company does not comply?

According to the GDPR regulations, the severity of the information breach will determine the level of the financial penalty imposed. You may be fined up to EUR 20 billion or 4% of your company’s worldwide revenue, whichever amount is greater. Less serious violations (e.g. improper record-keeping, failing to notify about leaks) will attract fines of a maximum of 2% of the company’s annual global turnover, or EUR 10 million.

8. How does my company ensure GDPR compliance?

GDPR Article 5 states that personal data must be:

  • processed lawfully, fairly and in a transparent manner;
  • collected only for specified, explicit and legitimate purposes;
  • adequate, relevant and limited to what is necessary;
  • accurate and kept up to date;
  • held only for the time absolutely necessary and no longer;
  • processed in a manner that ensures appropriate security of the personal data.

9. How can I prepare my company for the GDPR?

You should start preparing your company, clients and partners for the GDPR as soon as possible. If you already have high-level data security and privacy processes in place, this should not be a problem. However, if you have only just started implementing GDPR compliance, you need to begin by auditing your security and data protection practices to ensure a smooth transition later.

If your enterprise is large, it is advisable to appoint a Data Protection Officer (DPO) to manage data security and other issues related to personal data processing.

What is more, you may need to file a Data Protection Impact Assessment with the supervisory authority, which may inspect and approve your data processing activities.

10. What rights do individuals have according to the GDPR?

The GDPR points out eight fundamental rights of individuals. These are:

  1. The right to be informed – individuals have the right to know how organizations are using their personal data.
  2. The right of access – individuals have the right to know exactly what information about them is held and how it is processed.
  3. The right of rectification – individuals have the right to have their personal data rectified if it is incomplete or inaccurate.
  4. The right to erasure – individuals have the right to have their personal data deleted without specifying a reason.
  5. The right to restrict processing – individuals have the right to block or suppress processing of their personal data.
  6. The right to data portability – individuals have the right to retain and reuse their personal details for their own purposes.
  7. The right to object – individuals have the right to object to their personal data being used (e.g. for direct marketing or scientific research).
  8. Rights related to automated decision-making and profiling – individuals have the right not to be subject to a decision that has a legal bearing on them and is based solely on automated processing.

11. What are the benefits of GDPR compliance?

The GDPR is intended to be a universal set of data protection rules and rights across the EU. It introduces less complicated legal processes (dealing with one international law instead of multiple local regulations) and consistent regulations applying to all companies, no matter where they are located.

12. What is the difference between a data processor and a data controller?

A data controller determines the purposes, conditions and means of the processing of personal data. A processor is an entity which processes personal data on behalf of the controller.