European Regulation on Personal Data Protection
What is GDPR?
The General Data Protection Regulation (GDPR) was adopted on April 27, 2016 and has been mandatory for all Member States of the European Union since 25.05.2018.
It is a new privacy regulation that applies throughout the European Union and gives individuals more control over their personal data. It also ensures transparency in the use of data and requires security measures and controls for the protection of personal data.
Which businesses are concerned?
All private and public companies that manage personal data of their customers, clients of their customers, employees, associates or other individuals.
Virtually all businesses, inside and outside the European Union, if the data concern European citizens.
The GDPR regulation applies regardless of where your company is located and applies to organizations of all sizes and industries.
What should businesses do?
Businesses must take appropriate measures to bring themselves into line with the Regulation as soon as possible, including:
• Appropriate training and awareness for staff.
• Observance of the basic principles of personal data protection, i.e. collection for a specific legitimate purpose and processing only for that purpose.
• Taking appropriate electronic security measures.
• Retaining data only for the minimum period required.
• Obtaining clear consent from individuals for the purpose of collecting and retaining their personal data.
• Accessing data from affiliates only if they demonstrate compliance with GDPR.
• Using appropriate tools and procedures so that individuals are able to:
o Transfer their personal data.
o Correct their personal data.
o Delete their personal data.
o Limit the processing of their personal data.
o Withdraw their consent to further processing.
• Demonstrating compliance with all procedures of the Regulation.
• Establishing a Disaster Recovery and Business Continuity Plan and an Incident Response Plan.
• Organizing procedures for detecting breaches, as well as a process for informing the authorities and the data subjects (within 72 hours).
Things that businesses need to face directly:
• Proper management of their computer systems by certified engineers and support companies that are demonstrably authorized by the manufacturers to maintain the equipment and software the company uses.
• Upgrading or replacing old computer systems that do not support new technologies and for which no upgrades or patches are available from the developer.
• Designing solutions that are compatible with the new directive.
• Inaction or complacency among business leaders after the first basic harmonization measures have been taken.
What are the fines in case of non-compliance?
• Heavy fines range from €10,000,000 or 2% of worldwide turnover up to €20,000,000 or 4% of worldwide turnover, whichever is greater.
• Compensation to data subjects whose personal data were not protected.
What can Easy Systems offer you?
Harmonization with the new European regulation (GDPR) is a specialized process for a business, carried out by certified engineers using the latest technological tools.
The Regulation requires significant changes to the management of privacy and data, applying practices different from those businesses have followed so far.
The process of evolving and adapting in line with the European directive becomes smoother if you operate on a properly structured service model with more efficient techniques, aimed at avoiding unnecessary costs and procedures.