The new General Data Protection Regulation (GDPR) enters into force on May 25, 2018, and compliance is mandatory. Companies need to be aware of all the requirements of this legislation in order to meet each of them and ensure that they do not become “victims” of its huge fines. In today’s article, we will address the main points of interest about the new data protection regulation!
The GDPR aims to align the data protection requirements in the various Member States of the European Union, thus making this issue more coherent. According to an IDC study, data security leads the list of concerns in European companies, and this standard helps organizations ensure the protection of their information. Citizens also benefit from this law as they gain greater control over their personal data.
Personal data are all data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union affiliation, as well as data relating to sexual life or sexual orientation.
High-risk areas, such as health organizations and legal organizations, are regulated in a more demanding manner and are subject to data protection impact assessments.
The GDPR will boost IT investments. Applications should incorporate reporting and data portability, for example. Information technologies have the capacity to reduce costs and companies must take full advantage of their potential.
The employee who is responsible for implementing the new regulation will have to develop legal policies so that all parts of the company apply them as soon as the law comes into force. He or she will also be responsible for helping business executives and IT professionals fully understand the legislative standard so that all internal processes are carried out in accordance with the law.
The new GDPR creates a new role: the data protection delegate. This figure will be mandatory in some companies and will be the person responsible for fulfilling all the obligations provided by law. This function is mandatory “where the principal business activity consists of, or involves, processing operations which, by reason of their nature, scope or purpose, require regular and systematic monitoring of data holders on a large scale.”