In May 2016, a general regulation on data protection was published in the Official Journal of the European Union. This new regulation revokes the current legislation on the protection of personal data, published in 1995, when internet access was not yet widespread.
The main objective of this regulation is to protect the privacy of citizens, and to ensure the free movement of personal data in the European Union. This new regulation aims to find answers to the challenges posed by the technological evolution that has happened in recent years.
Due to this new regulation, companies should be aware of two main factors: the huge increase in the value of the sanctions applied and the disappearance of the obligation to notify and obtain authorization by the National Data Protection Commission at the beginning of the process. At present, the maximum fine imposed on companies that don’t comply with data protection requirements is around 30 thousand euros. Under the new regulation, the maximum fine amounts to EUR 20 million or 4% of the company’s annual profit.
Companies should pay attention to other changes such as the territorial scope of the new rules, the right to forgetfulness and the right to data portability. The new regulation will apply to all companies that process personal data within the European Union, even if their head office is outside it. The right to forgetfulness concerns the right to block your personal data. The right to portability allows citizens to transfer the data provided to a company or public entity to another company or entity. In this way, companies and entities are obliged to provide citizens, in a machine-readable format, with the data that were previously available.
With this new regulation, companies have new obligations. The function of the Data Protection Officer, which is imported from German law, obliges companies to have a professional with expertise in the field of data protection law, whose main function is to monitor the company's compliance with the rules of the new Regulation.
There is a further obligation for businesses, which currently applies only to companies in the electronic communications sector: reporting personal data breaches resulting from security breaches to the competent authorities and to the affected citizens.
Datapeers is an innovative and automated data masking solution that helps organizations meet data privacy requirements and improve the quality of software development, testing, training, and certification processes. With the application of this new regulation, Datapeers becomes an essential tool for companies and entities that deal with personal data, giving them a secure mechanism to guarantee their privacy and avoid the huge fines that the regulation entails.