Is the EU General Data Protection Regulation (GDPR) affecting my business?
From May 2018 the new rules will be effective. This affects all entities that are within the EU or doing business with EU citizens and that collect, process and store personal data. The following main changes are going to have a direct impact on how businesses have to act.
Explicit Consent Required
The conditions for consent have been strengthened, and companies will no longer be able to use long, illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
Privacy by Design
Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the design of systems, rather than as an addition. This means that every organization must implement appropriate technical and organizational measures in an effective way to meet the requirements of this Regulation and protect the rights of data subjects.
Breach Notification
Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
Right to Access
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift towards data transparency and empowerment of data subjects.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in Article 17, include the data no longer being relevant to the original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to weigh the subject's rights against "the public interest in the availability of the data" when considering such requests.
Why should I, as a business, care about these changes?
The internet and the widespread use of technology in today's society empower companies to move many of their processes into the digital world. This means data is collected, processed, stored and sometimes even transferred to third parties. Features like crawling and accessing big data pools with mining capabilities offer new ways of reaching target groups.
But due to the new regulations, companies must implement technical and organizational measures regardless of whether they are a large company or a simple webshop selling goods over the internet. If your company is not able to comply with the rules, the potential penalties will put you out of business faster than lightning.
Bluecoons tech has many years of experience in implementing technical measures at all levels of an organization. Depending on the requirements of your organization, bluecoons tech develops and implements the needed elements, from building compliant websites and e-commerce modules to many more.