What is GDPR and how does it affect your business?
GDPR = General Data Protection Regulation. The law was adopted in the European Parliament in 2016.
Unlike the directives we were used to in the past, European Regulations do not need national laws to transpose their provisions into the legislation of each EU state; they come into force directly, without any formality, in all EU Member States.
When does GDPR come into force?
Entry into force was set for May 25, 2018. Companies will have to resolve their GDPR issues prior to that date, because after it they are subject to significant sanctions for non-compliance. Two years of implementation have been allocated.
Does GDPR apply to the company I run?
YES. More than likely, the company you are running is processing, in one form or another, personal data. The concept of personal data is very broad. Examples: employee data processing, customer data processing for marketing purposes, sensitive customer data, server access logs.
It should be noted that GDPR applies not only to companies based in the European Union, but also to companies based in other countries of the world, insofar as they process personal data of persons in the European Union. In other words, if a large non-EU retailer sells online and delivers goods to people in the EU, then that company is bound to meet the conditions imposed by GDPR.
Main GDPR Obligations
1. New Rules for Consent
Consent to processing, one of the possible legitimate grounds, will have a much more restrictive regime. Thus, the request for consent must be intelligible and easily accessible, using clear and simple language; if several aspects are covered, the request for consent must be clearly distinguished from the other aspects; withdrawing consent must be as simple as giving it; and, above all, making consent a condition (for example, making a service or the delivery of goods conditional on consent to data processing for direct marketing) is not allowed.
2. Extended Transparency
At present, the processing of personal data already has to be brought to the attention of the data subjects, but the GDPR rules add a number of further elements that must be disclosed, such as who is responsible for data protection, the legal basis of the processing, any profiling, etc.
3. Companies that store truly sensitive information will have to appoint a DPO (Data Protection Officer) as the responsible person. For example, all hotels fall into this category because the law requires them to photocopy guests' passports or identity cards.
4. New rights for individuals.
Individuals will have the right to receive their data in a structured, commonly used and machine-readable format (directly, or by having it transmitted to another designated operator) - one of the most challenging developments for digital businesses. Example: Facebook - Download my Profile
5. What are the risks?
Very simple: 20,000,000 euros or 4% of the turnover, whichever is bigger.
Creation Station Solutions can help your organisation prepare and comply with GDPR as the 25th of May 2018 deadline approaches.
Know and control your data, assets and suppliers with the CREATION STATION Solutions:
• Asset Inventory: provides the visibility you need to keep assets secure
• Threat Protection: helps prioritise and remediate vulnerabilities
• Vulnerability Management: protects against attacks wherever and whenever they appear
• Policy Compliance: Stay secure, save time and money, and feel confident audit after audit
• Security Assessment Questionnaire: Streamlines vendor and IT risk audits
For GDPR readiness, you need visibility into your IT assets. Creation Station experts share their insights on how critical it is for organisations to have full visibility into their IT assets in a short, comprehensive PDF guide.