General Data Protection Regulation
Friday 20 May 2016
From January 1st 2016, new legislation for the General Data Protection Regulation (GDPR) came into force, and the Dutch Data Protection Authority (the CBP) has the right to impose penalties on companies that do not comply with it. These fines can be up to 4% of a company's annual turnover, up to a maximum of €20 million. This matters for your own business, but what does this law mean and whom does it target?
What is the General Data Protection Regulation?
The General Data Protection Regulation replaces the EC Data Protection Directive in the 28 EU countries; it is a new law through which the European Commission aims to enhance data protection for individuals within the EU. This law states that companies must be careful, vigilant and respectful with regard to people's personal privacy and data.
Right to be forgotten
This law also means that people have the right to be ‘forgotten’. When one of your customers asks you to remove their data from your system, all information about that person must be removed, even from backups.
Vulnerability Reports Required
In addition to managing personal data, companies are also required to notify all individuals involved in the event of a security breach. Besides informing the individuals, the company is also obliged to inform the supervisory (or regulatory) authority as soon as the leak comes to light.
Individuals should be able to remove all of their personal data from one electronic system and move this to another without data being retained at the original source by the data controller/manager. This data must be delivered in a structured way in the most common data format to ensure compatibility across different systems.
If there is no compliance with the law, or no mention is made of a data leak/breach, the company in question may be subject to sanctions and fines.
These may consist of:
- Written warning, in the first instance of unintentional non-compliance with this law.
- Periodic data protection audit.
- Fine of up to 4% of annual global turnover in the preceding financial year, or a fine of up to €20 million, whichever is most applicable to the company in question.
To Whom Does the General Data Protection Regulation Apply?
The General Data Protection Regulation applies to all companies within the EU that have customers in the EU and store their customers' data within the EU. The law also firmly applies to companies outside the EU that retain information on customers from within the EU. However, this law is not applicable to organisations that store personal information in the interests of national security or law enforcement. Companies with multiple international bases often develop and operate a form of ‘one-stop shop’: a centralised base, so that the entire company, regardless of location, can access the centralised data. This means that the government of the country where the head office is based is responsible for supervising the activities of the company in question at all of its locations in the EU.
What is Personal Information, According To The European Commission?
Personal data or information, according to the European Commission, is all information related to an individual, whether it is private, professional or even public information. This means that the data in question can consist of a photo, an email address, bank details, social media posts, medical information or an IP address.
We Can Ensure You Meet The General Data Protection Regulations
The impact of the General Data Protection Regulation is wide-ranging and applies to any company that stores data of customers who are from within the EU. Many companies at this time do not yet meet the new requirements. Korper ICT offers support to companies in order to help them comply with these regulations. We can help you with secure file transfers, the archiving of all actions taken, automating certain processes such as removing archived data after 7 years, or automating business processes.
Thanks to this service, the archive will be easy to access and you will be able to find out:
- Exactly what has happened with your stock.
- Where it has been sent, tracking where the stock is at that moment in time.
- Customer details are also easily attainable within this database.
If your organisation generates data, that data will regularly be moved from A to B in the form of files. Moving these files does not seem especially complicated, but when it concerns business-critical or sensitive data processes, it is important that this movement of data is done in a correct and reliable manner and that the files being transferred are not intercepted. Moreover, it is also important that a history log is created to aid with both finding these files and tracking their movements.
Make sure your organisation meets the General Data Protection Regulation. Need more information? Get in touch with us!