GDPR

THE NEW EUROPEAN GENERAL DATA PROTECTION REGULATION

The GDPR is the new European data protection regulation, which will come into full effect on 25th May 2018 and will oblige companies to deploy tools to control and handle specific procedures of client and employee data protection management.

The GDPR applies to all national, public and private, organizations that process data of EU citizens, and all those in breach of this directive may be fined up to €20 Million or 4% of their annual global turnover.

What you should know

• The GDPR is already in effect, but conceding a two-year grace period to prepare, so, by May 2018, when it will become fully enforceable, your organization must be in conformity;
• The aim of the GDPR is to “harmonize” data protection legislation across all EU and to eliminate the differences between EU legal systems;
• According to the GDPR “personal data” is all information that, directly or indirectly, allows to identify an individual;
• The IP addresses, location data and other aspects that may identify a person will be encompassed by the GDPR;
• The regulation is supported by a self-regulated model, leaving the responsibility of interpretation and operationalization to the organizations;
• A correct application of the GDPR may require nominating a DPO (Data Protection Officer) and appointing technical team with technical and legal know-how about the new regulation;

The GDPR gives citizens the power to:

• Access and control their personal data more easily
• Transfer their personal data to another service provider
• Erase their personal data, i.e., have the right to be forgotten
• Know if their personal information has been affected by any data breach