GDPR stands for General Data Protection Regulation. It is one of the strictest legal acts governing the processing and protection of personal data in the EU. The Regulation enters into force on May 25 2018 and will radically change how personal data is collected and protected. Our company has already updated its personal data protection practices. If you have not done so yet, you still have a little time to review and update how you handle personal data. In the meantime, this article gives a short overview of the regulation.
Most people do not understand what the regulation is for. The GDPR is designed to:
- unify the data protection laws in force across EU countries;
- protect personal data and extend the privacy rights of all data subjects in the EU;
- update the procedures adopted by EU organizations for protecting the personal data of EU data subjects, taking current trends into account.
What counts as personal data:
- fingerprints, genetic data, biometric data, race;
- information about home and work;
- sexual orientation and personal information;
- health information;
- behavioral patterns and devices used;
- family information;
- religious and philosophical views;
- pastimes and hobbies;
- political views;
- interests and hobbies;
- travel history and location data;
- financial information.
How to tell whether you fall under the GDPR? It applies to:
- institutions located in the territory of the EU;
- institutions outside the EU that process the personal data of EU data subjects.
What specific changes the GDPR introduces:
- a multilevel system of penalties depending on the severity of the violation;
- a dedicated data protection and information security specialist for organizations that carry out large-scale research or process special categories of personal data;
- the requirement to grant broad powers to the EU's data protection authorities;
- the requirement for organizations to keep an inventory of their information assets;
- the obligation to report data breaches within 72 hours of the incident being recorded, and to inform affected data subjects in a timely manner;
- special requirements for monitoring, encryption, and depersonalization of personal data;
- expanded rights for data subjects;
- a requirement to perform Data Protection Impact Assessments (DPIAs);
- the addition of biometric and genetic data to the special categories of personal data;
- the need to obtain unambiguous consent to the processing of personal data;
- data controllers (operators of personal data) must carry out proper checks on their data processors;
- the need to comply with information security requirements when designing IT solutions.