What is GDPR?
GDPR stands for the General Data Protection Regulation of the European Union (Regulation (EU) 2016/679). It is a set of data protection rules for everyone whose personal data is processed in the EU. It replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy law across Europe, to protect and empower the data privacy of individuals in the EU, and to reshape the way organisations across the region approach data privacy. The main reason for setting new rules was the rapid growth in the volume of personal data and the completely new ways in which that data is accessed and processed.
The European Parliament, the Council of the European Union and the European Commission adopted the regulation in April 2016, and it has applied since May 25, 2018.
It is important to note that the GDPR is a regulation and as such is a binding legislative act. It applies in its entirety across the EU, in contrast to the previous legislation, which was a directive and had to be transposed into each member state's national law.
How does it affect you?
The GDPR not only applies to organisations located within the EU, it also applies to organisations located outside the EU if they offer goods or services to, or monitor the behaviour of, data subjects in the EU. It applies to all companies processing or holding the personal data of data subjects residing in the European Union, regardless of where the company is located.
It introduces a general personal data breach notification duty into European data protection law and places stricter accountability obligations on organisations to demonstrate that they are adequately managing and protecting personal data. This means that any company that works with information relating to EU residents will have to comply with the requirements of the GDPR, giving it a global reach that no earlier data protection law had.
Organisations in breach of the GDPR can be fined up to 4% of annual global turnover or €20 million, whichever is greater.
How to be compliant?
Compliance with the GDPR involves technical (IT software and systems) and operational (processes) changes in organisations.
Organisations must have a lawful basis for storing and using personal data. Consent is one such basis, and where it is relied upon it must be freely given, specific, informed and unambiguous; other bases include performance of a contract, a legal obligation and legitimate interests. In every case the organisation must explain to individuals how their data is used. Organisations will also be required to notify the supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
The GDPR strengthens individuals' rights over their data: the right of access, where organisations must provide a copy of the personal data they hold on an individual (in digital form where the request was made electronically); the right to erasure ("right to be forgotten"), where data subjects can request the deletion of their personal data; and the right to restriction of processing, including restricting how their data is shared. Moreover, under the right to data portability, individuals can request that their data be transferred from one controller to another, and the controller must provide it in a structured, commonly used and machine-readable format (e.g. CSV).
The GDPR defines two roles in data processing: the Controller, who determines the purposes and means of the processing of personal data, and the Processor, who processes the data on the controller's behalf. The controller specifies how and why personal data is processed and is responsible for ensuring that its processors comply with data protection law, normally through a written contract.
Organisations must appoint a Data Protection Officer (DPO) if they are a public authority, if their core activities involve regular and systematic monitoring of data subjects on a large scale, or if their core activities involve large-scale processing of special categories of data or data relating to criminal convictions. The DPO is responsible for advising on and monitoring compliance with the GDPR. (The 250-employee threshold that is often quoted relates to the obligation to keep records of processing activities, not to the DPO requirement.)
How can Miadria help?
Achieving compliance with legacy (on-premise or hosted) software and systems can be very difficult, so Miadria's competence and experience in working with leading cloud technologies can help you achieve compliance by:
- Conducting risk assessments
- Implementing cloud services and solutions to locate and catalogue the personal data in your systems, build a more secure environment, simplify your management and monitoring of personal data, and give you the tools and resources you need to meet the GDPR reporting and assessment requirements
- Consulting on new business processes: identifying and securing the personal data in your systems, accommodating the new transparency requirements, and detecting and reporting personal data breaches
- Training privacy personnel and employees