The General Data Protection Regulation (GDPR) imposes new rules on organisations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents, no matter where those organisations are located.
What is it?
The GDPR contains many requirements about how you collect, store, and use personal information. This means not only how you identify and secure the personal data in your systems, but also how you accommodate new transparency requirements, how you detect and report personal data breaches, and how you train privacy personnel and employees.
What are the key changes with the GDPR?
Individuals have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data
Controls and notifications
Processors will need to:
- Protect personal data using appropriate security practices
- Notify authorities within 72 hours of breaches
- Receive consent before processing personal data
- Keep records detailing data processing
Processors are required to:
- Provide clear notice of data collection
- Outline processing purposes and use cases
- Define data retention and deletion policies
IT and training
Processors will need to:
- Train privacy personnel and employees
- Audit and update data policies
- Employ a Data Protection Officer (for larger organisations)
- Create & manage processor/vendor contracts
Are you ready for GDPR?
25th May 2018 was the deadline given to companies to comply with the General Data Protection Regulation (GDPR).
For more information on GDPR please contact us.