One of the major issues in managing and protecting data is complying with all legal regulations that affect your organization. The new European General Data Protection Regulation applies from May 25th, 2018. It applies to companies anywhere in the world that collect personal data about customers or employees in the EU.
Comarch's services will be adjusted to the GDPR requirements by the time they become applicable law on May 25th, 2018. Additionally, we are committed to offering a wide range of services and resources to help our customers understand and implement the GDPR provisions that affect their organization.
GDPR is preparing Europe for the digital revolution. Choosing the right partner is key to the success of your business. As a software company and provider of IT services, we are prepared to support our customers' GDPR compliance programs. We are ready to answer any questions and address any concerns regarding personal data protection and preparing for GDPR. Contact us now and we will help you go through this process painlessly.
The General Data Protection Regulation (GDPR) is a new European privacy law that harmonizes data protection across the European Union: as a regulation rather than a directive, it applies directly and uniformly in every EU Member State.
The GDPR was adopted by the European Parliament in April 2016. It applies after a two-year transition period, that is from May 25th, 2018.
Personal data is any information relating to an identified or identifiable natural person, the “data subject”, who can be identified directly or indirectly. This includes names, photographs, email addresses, bank details, passwords, correspondence, posts and comments on social media platforms, medical information, location data and online identifiers such as IP addresses.
The GDPR applies to all organizations established in the EU, and to organizations outside the EU (regardless of their geographical location) that process the personal data of data subjects who are in the EU. Note that the test is the data subject's presence in the EU, not citizenship. For non-EU organizations it covers offering goods or services to data subjects in the EU, and monitoring the behaviour of data subjects as far as that behaviour takes place within the EU.
The GDPR completely replaces the EU Data Protection Directive, also known as Directive 95/46/EC. From May 25, 2018 the DPD, together with the national laws that implemented it, no longer applies.
One of the key aspects of the GDPR is that it creates consistency across EU Member States on how personal data may be processed, used and exchanged securely. Under the accountability principle, organizations must be able to demonstrate the security of the data they process and their compliance with the GDPR on a continual basis, by implementing and regularly reviewing appropriate technical and organizational measures as well as compliance policies.
Under the GDPR, the severity of the infringement determines the level of the financial penalty. The most serious infringements (e.g. violating the basic principles for processing, data subjects' rights, or rules on international transfers) can be fined up to EUR 20 million or 4% of the company's total worldwide annual turnover of the preceding financial year, whichever is higher. Less serious infringements (e.g. improper record-keeping, failing to notify a personal data breach, failing to carry out a required impact assessment) attract fines of up to EUR 10 million or 2% of worldwide annual turnover, whichever is higher.
GDPR Article 5 sets out the principles for processing personal data: it must be processed lawfully, fairly and in a transparent manner; collected only for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary (data minimisation); accurate and kept up to date; kept in identifiable form no longer than necessary for the purposes of processing (storage limitation); and processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. The controller is responsible for, and must be able to demonstrate, compliance with these principles.
You should start preparing your company, clients and partners for the GDPR as soon as possible. If you already have mature data security and privacy processes in place, this should not be a problem. If you are only beginning to implement GDPR compliance, start by auditing your security and data protection practices, including an inventory of what personal data you hold, where it is stored, why it is processed and who it is shared with, so that the transition later is smooth.
Appointing a Data Protection Officer (DPO) is mandatory for public authorities and for organizations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data (such as health data) or data relating to criminal convictions. Even where it is not mandatory, a larger enterprise is well advised to appoint a DPO to oversee data security and other issues related to personal data processing.
What is more, where a type of processing is likely to result in a high risk to individuals (for example large-scale processing of special categories of data, systematic monitoring of public areas, or automated decision-making with legal effects), you must carry out a Data Protection Impact Assessment (DPIA) before starting the processing. The DPIA itself is an internal document, but if it shows that the processing would still carry a high risk after the planned mitigations, you must consult the supervisory authority before processing begins, and the authority may issue advice or use its corrective powers.
The GDPR sets out eight fundamental rights of individuals. These are:
The GDPR's function is to provide one set of data protection rules and rights across the EU. This simplifies the legal picture (dealing with a single regulation instead of multiple national laws) and makes the rules consistent for all companies processing the data of people in the EU, no matter where those companies are located.
A data controller is the entity that determines the purposes and means of the processing of personal data. A processor is an entity that processes personal data on behalf of the controller, under a written contract that sets out the processor's obligations. The GDPR places direct obligations on processors as well as controllers, so a service provider that hosts or processes customer data must itself comply.