GENERAL DATA PROTECTION REGULATION (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation designed to unify and harmonise the data protection framework within the EU.
Its primary purpose is to give individuals control over their own data, primarily Personally Identifiable Information (PII).
Who is affected?
The law is mandatory for all public and private organisations within the EU, but it also applies to any organisation outside the EU that processes the personal data of EU citizens.
What changes compared with the Data Protection Directive of 1995 (95/46/EC)?
It reinforces some existing rights and creates new ones:
- Right to Information
- Right to Access
- Right to Rectification
- Right to Object
- Right to Object to Automated Decision Making (Profiling)
- Right to Restriction
- Right to Data Portability
- Right to Erasure
It introduces the Data Controller and Data Processor roles.
A DPO (Data Protection Officer) will be appointed to oversee compliance and to act as the Single Point of Contact (SPOC) for employees, customers, suppliers and authorities.
What are the main security requirements for personal data?
Technical and organisational measures must be taken to ensure a level of security appropriate to the risk. The measures are chosen taking into account the available technology, the cost of implementation, and the nature, scope, context and purpose of the processing, together with the varying likelihood and severity of the risk to the rights and freedoms of natural persons. They include:
- Encryption and pseudonymisation of personal data
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
- The ability to restore the availability of, and access to, personal data promptly after any physical or technical incident
- A process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures that secure the processing of personal data
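As an added illustration of the first measure, pseudonymisation (this is example code, not part of the original page; the sample records, the field names and the constructed keys are assumptions), the following Python replaces direct identifiers in a working data set with keyed-hash tokens. The key and the token-to-value lookup table are the "additional information" that must be stored separately and access-controlled: without them the tokens reveal nothing, with them an authorised operator can still re-identify a record, for example to answer an access or erasure request.

```python
"""Pseudonymisation of direct identifiers with HMAC-SHA256 (added example)."""
import hashlib
import hmac
import secrets

# Constructed sample records; every name and address here is invented.
SAMPLE_RECORDS = [
    {"email": "ana@example.com", "name": "Ana", "city": "Madrid", "purchase": 42.0},
    {"email": "ben@example.com", "name": "Ben", "city": "Lyon", "purchase": 17.5},
    {"email": "ana@example.com", "name": "Ana", "city": "Madrid", "purchase": 9.9},
]

# Fields that directly identify a person; the remaining fields stay as they are.
DIRECT_IDENTIFIERS = ("email", "name")


def new_key() -> bytes:
    """Generate a fresh 256-bit pseudonymisation key (keep it apart from the data)."""
    return secrets.token_bytes(32)


def pseudonymise(value: str, key: bytes) -> str:
    """Map one identifier to a stable token.

    A keyed hash is used rather than a plain hash so that nobody can
    recompute the mapping (e.g. by hashing a list of known e-mail
    addresses) without holding the key.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise_records(records, key: bytes, fields=DIRECT_IDENTIFIERS):
    """Return (pseudonymised copies, lookup table).

    The lookup table (token -> original value) is the separately stored
    information that allows authorised re-identification only.
    """
    lookup = {}
    output = []
    for record in records:
        copy = dict(record)
        for field in fields:
            token = pseudonymise(copy[field], key)
            lookup[token] = copy[field]
            copy[field] = token
        output.append(copy)
    return output, lookup


def reidentify(record, lookup, fields=DIRECT_IDENTIFIERS):
    """Restore the identifiers of one record using the separately held lookup table."""
    restored = dict(record)
    for field in fields:
        restored[field] = lookup[restored[field]]
    return restored


def contains_plaintext(pseudo_records, originals, fields=DIRECT_IDENTIFIERS) -> bool:
    """Check whether any original identifier value survives in the pseudonymised set."""
    known = {r[f] for r in originals for f in fields}
    return any(r[f] in known for r in pseudo_records for f in fields)


if __name__ == "__main__":
    key = new_key()
    pseudo, lookup = pseudonymise_records(SAMPLE_RECORDS, key)
    for row in pseudo:
        print(row)
    # Records of the same person still share a token, so the data set stays
    # usable for analytics without naming anyone.
    print("same person linked:", pseudo[0]["email"] == pseudo[2]["email"])
    print("re-identified with lookup:", reidentify(pseudo[1], lookup))
```

Note that pseudonymised data is still personal data under the GDPR, because re-identification remains possible for whoever holds the key and lookup table; the measure reduces risk, it does not remove the data from scope.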
When does it enter into force?
GDPR comes into effect on 25th May 2018.
What happens if you are not compliant with the GDPR?
The GDPR stipulates significant fines for non-compliance. Repeated offences can incur fines of up to 20,000,000 EUR or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.