The new legal framework (GDPR) will come into effect on the 25th of May 2018
After 4 years of work and negotiations, the new European regulation, the GDPR or RGPD (General Data Protection Regulation), has been adopted and will be effective from 25 May. Enough to disrupt how companies operate worldwide!
The purpose of this regulation is to protect the personal data of the citizens of the European Union. Here are the 8 key points of the GDPR:
- Consent: Must be confirmed by a statement or other clear affirmative action. You cannot assume consent or even use pre-checked website boxes.
- Data Protection Officer (DPO): Might be obligatory. Requires expert knowledge of data protection law. Could be an employee or via a service contract.
- Privacy from start to finish: Privacy considerations must be built in everywhere, and only data strictly required for the stipulated purpose can be used.
- Wider scope: Covers your business, plus those who process data for you—even outside the EU.
- Mandatory breach reporting: Data controllers must tell local supervisory authorities, such as the ICO in the UK, within 72 hours of becoming aware. In serious breaches, individuals must be informed.
- Data portability: Individuals now have the right to move, copy or transfer personal data—even to a competitor.
- Penalties: Could be up to 4% of annual global turnover, or €20m, whichever is greater. You might be fined even if there is no actual loss of data.
- Individual rights: Significantly expands the rights of individuals and what information they must be provided with regarding processing activities.
Source: General Data Protection Regulation (GDPR): The Sage quick start guide for businesses
This may seem very restrictive from a company's point of view. But the RGPD will also bear on the trust your brand has built with your customers, partners and employees. So, are you ready?