GDPR News Center News for 10-01-2018

What is GDPR? Understanding and Complying with GDPR Data Protection Requirements

A Definition of GDPR. The General Data Protection Regulation, agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/EC in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data. The purpose of the GDPR is to impose a uniform data security law on all EU members, so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU.

In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally.

Articles 17 & 18 – Articles 17 and 18 of the GDPR give data subjects more control over personal data that is processed automatically. The result is that data subjects may transfer their personal data between service providers more easily, and they may direct a controller to erase their personal data under certain circumstances.

Article 31 specifies requirements for single data breaches: controllers must notify SAs of a personal data breach within 72 hours of learning of the breach and must provide specific details of the breach such as the nature of it and the approximate number of data subjects affected.

Articles 33 & 33a – Articles 33 and 33a require companies to perform Data Protection Impact Assessments to identify risks to consumer data and Data Protection Compliance Reviews to ensure those risks are addressed.

Articles 36 & 37 – Articles 36 and 37 outline the data protection officer position and its responsibilities in ensuring GDPR compliance as well as reporting to Supervisory Authorities and data subjects.

Article 45 – Article 45 extends data protection requirements to international companies that collect or process EU citizens’ personal data, subjecting them to the same requirements and penalties as EU-based companies.

For many of these companies, the first step in complying with GDPR is to designate a data protection officer to build a data protection program that meets the GDPR requirements.

Keywords: ["Data", "GDPR", "company"]
Source: https://digitalguardian.com/blog/what-gdpr-general-data-protection-regulation-understanding-and-complying-gdpr-data-protection

5 last-minute GDPR resources to help bring businesses into compliance

This Friday is the deadline for compliance with the European Union’s new General Data Protection Regulation, widely considered the strictest law in the world in terms of regulating the collection and use of consumer data. In broad strokes, GDPR generally requires that companies get clear consent for collecting people’s personal data and allows people to access the data stored about them, fix it if it’s wrong, and delete it if they so choose. Even if your business isn’t based in the EU, it may still be required to comply with GDPR if it collects data on people in the EU, and the fines for not complying can be severe: up to 20 million euros or 4% of annual revenue in the most egregious cases. If you’re still scratching your head about what you need to do to get ready for the new law, here are a few resources that can help. Parker, an automated chatbot from international law firm Norton Rose Fulbright, can help if you’re still figuring out whether your business outside the EU even needs to comply with GDPR.

Essentially a checklist in chat form, the tool can help you decide in a few minutes how concerned you need to be about the new regulation. This GDPR compliance checklist, developed by a group of startup founders from Belgium, can help you take the same rigorous approach to making sure you’re ready for the new law. While this guide is aimed at designers, it’s useful to anyone who’s involved in crafting websites, apps, or services that are going to potentially handle people’s personal data. Designers, developers, and managers all need to be thinking about what data they actually need to collect, and where they can store and process it. They also need to make sure users clearly agree to what’s going on and have the legally required resources to access, update, and delete their data if need be. 

If you want to let your customers see the data you have on them (and update or delete it if they wish) but you also store data across multiple cloud vendors, you might have some work to do. One solution is to use a core tool that syncs that data to as many of those third-party cloud services as possible to simplify things when those user requests come in or you’re preparing your compliance documentation. Segment, which has long helped companies connect with third-party data services, has rolled out tools to help its customers track those requests, data updates, and user consent changes to forward them on to supported vendors.

Keywords: ["Data", "need", "new"]
Source: https://www.fastcompany.com/40575829/5-last-minute-gdpr-resources-to-help-bring-businesses-into-compliance
