What is GDPR? What do you need to know? We have prepared a 4-minute video explaining the key points of this new privacy regulation.
GDPR (General Data Protection Regulation) is the new regulation to protect the personal data of all EU residents. It replaces the 1995 Data Protection Regulation. It will be enforced on May 25th, 2018.
What is the main GDPR benefit? As an EU resident your personal data is better protected.
What is personal data? “Any information that relates to an identified or identifiable living individual”
Let's look at some examples:
- Name and surname
- ID card number
- An IP address
- An email address with your full name
- A cookie ID
It is an endless list.
Remember! If it can in any way identify a living person, it is personal data!
GDPR Key changes:
- Increased Territorial Scope: The GDPR applies to all companies that use EU residents' data, regardless of location.
- Consent: Companies MUST make consent clear and understandable, and withdrawing consent must be just as easy.
- Breach Notification: Data breaches that will result in a risk for the rights and freedoms of individuals must be reported within 72 hours to member states AND customers.
- Right to access: Data users (“us”) have the right to find out what data of ours is in use and why, free of charge and in electronic format.
- Right to be forgotten: We as users have the right to have all of our data removed (some minor exclusions apply).
- Data Portability: Our data can be taken from one data controller and given to another in a commonly used and machine-readable format.
- Privacy by design: From the enforcement date, new designs must have privacy at their core and not as an addition.
- Data Protection Officers: DPOs will be required for any company that deals with larger-scale or special categories of data usage and has over 250 employees.
- Penalty: Companies can be fined up to 4% of global turnover or €20m for serious infringements.
GDPR Key requirements for companies:
- Audit all devices and data, and ensure that service providers are GDPR compliant.
- Control who has access to data, keep that access to a minimum, and allow it only when necessary.
- Invest in more secure devices and always have an update policy to protect security software.
- Have software in place to respond to issues in real time.
- Conduct regular training for cyber security to avoid mistakes.
Here at Docuo we believe your data is very important, and as a company located in Europe we welcome this new regulation and are fully compliant.