Are you prepared for GDPR?


GDPR is the topic of the moment. On 25 May, the new regulation that protects the personal data of citizens of the European Union comes into force and becomes mandatory. The main changes relative to the current law concern the right to be forgotten, the right to data portability, and the way citizens give consent to the processing of their data. In today’s article we will address the changes that GDPR will bring to your company!

Explicit consent to data processing

Regarding online customer relationships, company systems should present privacy policies in clear and objective language. Consent given by citizens to data processing should be retained to serve as evidence of free and unequivocal consent. The regulation creates additional barriers to current data collection and processing practices by introducing more stringent rules for companies with regard to consent for the collection and processing of personal data. Companies have to consider creating a contract with the data subject, complying with legal obligations and defending the vital interests of the data subject. With the new regulation, a contact taken from a business card, for example, cannot be included in any database without the explicit consent of its owner. In practical terms, pre-selected boxes, lack of response, inactivity and consent through terms and conditions will no longer be allowed, as none of these is considered a means of demonstrating compliance with the consent requirements of the new Regulation.

Appoint a Data Protection Officer

This person (also known as the DPO, Data Protection Officer) plays an essential role in the transition period from the old law to the new legislation. The appointment of a DPO is mandatory in the following cases: (1) whenever the data is processed by a public entity; (2) where there is constant monitoring of people on a large scale; (3) whenever there is large-scale processing of sensitive data; (4) in companies with more than 250 employees.

Records of processing activities

You must record in detail all activities related to the processing of personal data so that the organization can demonstrate that it fulfills all its obligations under the GDPR. The legislation provides that subcontractors have almost the same obligations as those responsible for processing and are thus required to prove that they comply with what is required.

Obligation to notify

Businesses and organizations have a duty to notify the National Supervisory Authority of data breaches that put individuals at risk, and to communicate all high-risk breaches to the citizens concerned as quickly as possible so that they can take the appropriate actions.

GDPR is just around the corner and you need to have the best possible knowledge on the subject to escape the large fines of the new legislation. Get to know our new e-book “How to comply with GDPR: bwd & IT PEERS methodology”, which covers the main points of the new General Regulation on Data Protection and presents a plan of action for compliance using the bwd & IT PEERS methodology. Download our e-book and start preparing for the arrival of the new regulation today!

About the author

Marketing administrator
