GDPR compliance: What it’s all about and how it affects you.
GDPR, the General Data Protection Regulation, is an EU regulation that aims to harmonize data protection regulations and strengthen data protection for all individuals in the European Union.
After four years of preparation and discussion, the GDPR was approved by the European Parliament on April 14th, 2016. The GDPR starts to apply on May 25th, 2018.
It replaces the earlier data protection directive that was implemented at the national level in 1995. GDPR instead will begin to apply to all Member States at the same time. It applies to almost all companies operating in the EU. The regulation also applies to organizations outside the European Union if they collect or process personal data of EU residents.
Personal data is defined as any information related to a natural person or “Data subject” that can be used to identify the person, directly or indirectly. Data breaches that may pose a risk to individuals must be reported to the affected individuals without undue delay and to the data protection authorities within 72 hours.
In the case of a data breach, organizations can be fined up to 4 percent of annual global turnover or 20 million euro.
Individuals can find out whether or not their personal details are being processed, where and for what purpose. A copy of the personal data shall be provided free of charge when asked for. The data subject is also entitled to have his or her personal data erased by the data controller – under certain conditions.
Public authorities, as well as organizations that engage in large-scale systemic monitoring or processing of sensitive personal data, must appoint a Data Protection Officer. Inside Secure Strong Authentication helps your company to protect the personal user data you control or process.