EU Law General Data Protection Regulation Awareness – GDPR
The General Data Protection Regulation (GDPR) is an EU law on data protection and privacy for all individuals in the European Union and the European Economic Area. It also regulates the transfer of personal data outside the EU and EEA. The regulation was approved by the EU Parliament on 14 April 2016 and has applied since 25 May 2018.
The main objective of GDPR is to protect the personal data of individuals.
GDPR is the current world-wide buzzword in data protection; in this post we try to give a clearer picture of what it actually requires.
1. What is the GDPR?
The GDPR (General Data Protection Regulation) is a set of rules designed by the European Union to give individuals more control over their personal data. It is the result of four years of work to update data protection for the 21st century, in which people routinely give permission for their personal information to be used, for example in exchange for the free services of social media companies such as Facebook, WhatsApp and Twitter.
It replaces the 1995 Data Protection Directive and is the most significant change in the field of data privacy in 20 years.
Note: What is personal data?
Personal data means any information relating to an identified or identifiable living individual, such as a name, address, email id, identification number, location data or an online identifier such as an IP address.
2. When does GDPR come into force?
GDPR has applied throughout the European Union since 25 May 2018 (it formally entered into force on 24 May 2016, with a two-year transition period). Because it is a regulation rather than a directive, it applies directly in every member state without having to be transposed into national law, although member states may supplement it with national legislation.
3. Why GDPR?
The main factors behind the introduction of GDPR are:
1. Public concern over data privacy
Nowadays social media and e-commerce companies offer free services to the public in exchange for access to their personal data, and that data may be misused by the companies themselves or by third parties.
- Around 50 million Facebook profiles were harvested without users' knowledge and used for political targeting (the Cambridge Analytica case reported in 2018).
- In an RSA survey of 7,500 consumers in France, Germany, Italy, the UK and the US, 80 percent of consumers named the loss of banking and financial data as a top concern.
2. More clarity for organisations over the legal environment, and a clear statement of how seriously they must protect data
- By replacing the separate national laws of the member states with one regulation, the EU estimated that GDPR would save companies €2.3 billion annually.
- It restricts unwanted marketing to internet users who have not agreed to receive it.
- It restricts the resale of personal data without a lawful basis.
4. What types of personal data are protected by GDPR?
GDPR protects all personal data, including:
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID (radio frequency identification) tags
- Biometric data
- Health and genetic data
- Sexual orientation
- Racial or ethnic data
- Political opinions
The last five items are "special categories" of personal data under Article 9 of GDPR and may be processed only under narrower conditions than ordinary personal data.
5. Which companies are affected by GDPR?
GDPR applies to any organisation, of any size or sector, that is established in the EU or that offers goods or services to, or monitors the behaviour of, people in the EU, wherever the organisation itself is located. Typical examples of companies affected by GDPR are:
- Software companies
- E-gaming sites
- Insurance or financial services
- Cloud service providers
- Telecoms companies
- E-commerce companies
- online services/ SaaS
- Websites or Apps accepting payment.
6. What are the GDPR requirements?
The most important GDPR requirements are:
- Companies must change the way they process, store and protect customers' personal data, and must be able to demonstrate compliance.
- Companies must provide a reasonable level of data protection and privacy to the people whose data they hold.
- Implementing technical and organisational data protection measures appropriate to the risk of the processing.
- Conducting data protection impact assessments (DPIAs) on the company's high-risk data processing activities.
- Keeping an audit trail (records of processing activities) of the company's processing of personal data.
- Appointing a data protection officer (DPO) where the company's core activities involve large-scale regular monitoring of individuals or large-scale processing of special-category data, or where the company is a public authority.
- Documenting personal data breaches and notifying the supervisory authority without undue delay, and where feasible within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals; the affected individuals must also be informed when the risk is high.
7. Who is responsible for GDPR within the company?
Several roles are responsible for GDPR within the company:
1. Data controller
The data controller:
- Defines how personal data is processed
- Defines the purposes for which it is processed
- Remains accountable for the data even when it engages a processor; when a company stores personal data on its own infrastructure it controls both the purposes and the means of processing.
2. Data processor
The data processor:
- Stores, digitises and catalogues information on behalf of the data controller
- Maintains and processes personal data only on the controller's documented instructions
For example, the HR department of an organisation processes the personal data of candidates and employees; that data must be protected and used only for the purposes for which it was collected, and HR should not collect or source it for any other purpose.
3. Data protection officer (DPO)
The DPO:
- Supervises the data security strategy and GDPR compliance
- Monitors how personal data is processed, stored and protected and advises the controller or processor; the DPO does not process personal data in their own right.
Note: According to surveys at the time, many companies were hiring for the DPO post, and some expected to recruit at least six new employees to achieve GDPR compliance.
8. How to protect personal data under GDPR?
Before looking at the six key ways, let's understand the basic terms used by GDPR.
When we create an online account, we are the data subject. The organisation with which we create the online account is the data controller, the person or agency that determines the purposes and means of processing our personal data. Our personal data may also be handled by a data processor (a person or agency that processes personal data on behalf of the controller).
There are six key ways in which GDPR protects personal data:
1. Breach notification
Data controllers must notify the supervisory authority without undue delay, and where feasible within 72 hours, after becoming aware of a personal data breach (personal data accessed, disclosed, altered, lost or destroyed in an unauthorised manner), and must inform the affected data subjects when the breach is likely to result in a high risk to them. Data processors must notify the controller without undue delay.
2. Right to access
Data subjects have the right to get confirmation about whether their personal data is being processed, where it is processed, and for what purpose. They also have the right to get a copy of the personal data.
Note: A data subject is the individual to whom the personal data relates.
3. Right to be forgotten
Data subjects have the right to ask the data controller to stop processing and erase their personal data, for example when the data is no longer needed for the purpose it was collected for or when they withdraw the consent on which the processing was based.
4. Data portability
Data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format, and to transmit that data to another data controller.
5. Privacy by design
Data protection by design and by default means that data privacy and protection are built into systems from the design stage. Controllers hold and process only the personal data that is necessary for each purpose, keep it no longer than necessary, and limit access to those who actually need it to do their work.
6. Data protection officers
Companies whose core activities involve regular and systematic monitoring of data subjects on a large scale, or large-scale processing of special-category data, must appoint a data protection officer. The DPO must have expert knowledge of data protection law and practices.
9. What are the business benefits of GDPR?
Business benefits of GDPR are:
1. It increases cyber security
GDPR requires controllers and processors to protect personal data against theft, damage and unauthorised access with appropriate technical and organisational measures, which raises the overall security of systems, software and information.
2. Improves data management
Knowing what personal data is held, where it is held and why improves data management, and better-governed data supports customer retention and loyalty.
3. Business alignment with GDPR
All data processing units and the business owners of customer data are required to support the core objectives of GDPR.
4. Protects enterprise reputation
Misuse of personal data leads to penalties and loss of customer trust; demonstrable GDPR compliance protects, and can improve, a company's reputation.
5. Additional care on sensitive data
GDPR gives additional protection to special-category data such as race, religion, health data and data about criminal convictions, whether it is processed manually or automatically, to prevent data leakage.
6. Reducing risk
A company managing sensitive customer data has always been at risk; GDPR gives it a clear framework for identifying, documenting and reducing that risk.
7. Job opportunities increased
GDPR created new designations in the IT field, such as the DPO, so job opportunities have also increased.
10. Does a startup need to comply with GDPR?
Yes or no depends on the following statement:
If a startup works with data that relates to living people in the EU, it must act according to GDPR, whether it is a small, medium or large company.
Tips to prepare a startup for GDPR
- Audit your data
- Identify the riskiest categories of personal data you process first
- Update data processing procedures
- Provide training to staff
- Review your practices with lawyers
- Implement cyber security frameworks
11. Do we need a data protection officer (DPO) in our company?
According to GDPR, a company must appoint a data protection officer if its core activities involve regular and systematic monitoring of individuals on a large scale or large-scale processing of special-category data, or if it is a public authority. Other companies may appoint one voluntarily. The DPO needs:
- Expert knowledge of data protection law and practices
- In-depth understanding of GDPR
Roles and responsibilities
- Keep the organisation informed of its responsibilities under GDPR
- Provide appropriate and timely advice on data protection impact assessments
- Monitor compliance with GDPR
- Act as the contact point for data subjects and the supervisory authority on queries and requests
12. What happens if a company does not comply with GDPR?
If your organisation is not in compliance after the 25 May 2018 deadline, GDPR allows the supervisory authority to impose administrative fines of up to €20 million or 4 percent of global annual turnover, whichever is higher; a lower tier of up to €10 million or 2 percent of global annual turnover applies to less serious infringements.