10 facts you need to know about GDPR

GDPR came into force a year ago, and at the moment there is a general state of apathy regarding this new regulation. It easily goes unnoticed that the GDPR has emerged to create opportunities and to review and enforce data protection policies. Organizations have not paid very significant attention to this new legal obligation, nor adhered to it, which is a mistake: despite the lack of interest that companies demonstrate, fines have already been imposed in Europe for violations of the GDPR. In today’s article, we’ll give you 10 facts you need to know about GDPR!

Purpose of legislation

Technology has changed the way we live our lives: it is present at almost every moment, and data is collected in everything we do. The aim of the GDPR is to make the laws of the European Union more homogeneous in the area of data protection and the privacy of citizens.

Personal data according to GDPR

According to the law, personal data means any information relating to an identified or identifiable individual (identifiable by reference to an identification number or to one or more elements specific to his/her physical, physiological, psychological, economic, cultural or social identity).

Consent by the data subject

Consent is a manifestation of free, specific, informed and explicit will by which the data subject accepts, by means of a declaration or an unequivocal positive act, that the personal data concerning him/her are processed.

Data processing

Data processing concerns any operation on personal data, with or without the use of automated means, in particular:

– Collection, recording and organization of data;
– Storage, adaptation and alteration;
– Retrieval, consultation and use;
– Disclosure and comparison;
– Restriction, erasure or destruction.

Non-compliance with GDPR

In the event of an infringement of the rights conferred by the GDPR, any interested party may appeal to the courts. The fines may be up to EUR 20 000 000 or, in the case of an undertaking, up to 4% of its annual worldwide turnover for the preceding financial year, whichever is greater.

Mandatory DPO Appointment

The appointment of a DPO is mandatory in the following cases:

1) Public authorities or bodies;
2) Entities that regularly monitor personal data on a large scale;
3) Entities that regularly monitor, on a large scale, sensitive personal data or data relating to criminal convictions and offenses.

Who can play the role of Data Protection Officer

According to the GDPR, the Data Protection Officer (DPO) can be anyone who works in the organization, as long as they meet certain conditions. The DPO needs to have expertise in the field of law and in data protection practices. It is not mandatory to be a lawyer, but this professional must have in-depth legal knowledge in the area of data protection and experience in this industry. The DPO must be able to advise the company’s management and its employees on the obligations of the Regulation, as well as on other data protection provisions in force in the EU and in the Member States. It is important that this professional is able to teach, communicate their ideas and make themselves understood by all employees of the company. The DPO needs to know everything about the company, in particular the procedures of each department. The DPO is also required to monitor the compliance of the company’s processes with the new GDPR through audits. The regulation allows the DPO to carry out functions other than data protection, but it is advisable that the DPO devotes most (or even all) of their time to data protection and compliance issues.

Create a strict security policy

The security policy is a document developed by the company that records the security principles the company adopts and that must be followed by its employees. The security policy should apply to all information systems, both desktop and mobile. For the policy to be respected, it is essential that top managers participate in its implementation.

Protect your data in all environments

The company must ensure that highly sensitive data is encrypted or masked, so that a loss of data does not expose the company to the heavy fines set out in the new regulation. Datapeers offers a variety of sophisticated scrambling techniques to protect sensitive data, replacing it irreversibly with fictitious but realistic data.

E-mail marketing

Although the new legislation significantly changes how email marketing is carried out, it will remain possible to communicate through this channel:

  • Perform an audit of the current database: It is important to know where the database contacts are located geographically, and you need to keep evidence of the consent provided by the contacts.
  • Know where the contact came from: It is necessary to know how that contact came to the company and whether the data is up to date.
  • Privacy policy: It is mandatory to have a privacy policy that details how data is collected, how it is processed, and for what purpose it is stored in the company database.

About the author

andreia.rocha administrator
