The GDPR (General Data Protection Regulation) is the basis of an EU legislative package on the reform of data protection. A single legal framework for the protection of personal data is established in all EU Member States. Citizens' fundamental rights are recognized and safeguarded, while the basic obligations of bodies that "process" (= collect, store, use / reuse) personal data are defined. Compliance is not optional, and it is not accomplished simply by completing questionnaires or by typical training. The regulation requires, inter alia, that those involved be able to demonstrate compliance with all the principles governing the processing of personal data.
Why is a reform needed?
Most of us do not fully understand how much sensitive personal information is collected and stored, or how that affects our day-to-day lives. Most people don’t even know how advanced today’s data collection initiatives and learning algorithms are. Many companies swap access to people's data for use of their services and, to make matters worse, collected information is more often than not sold to the highest bidder.
Only 15% of people feel that they have full control over the information they provide electronically. Public concern over privacy is significant and it grows bigger with every new high-profile data breach. Lost banking and financial data, identity information (e.g., passports or driving licenses) as well as medical records are amongst the biggest concerns of consumers.
What does the GDPR govern?
The General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1)], regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU.
The law applies to:
a) a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed;
b) a company established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU.
It doesn’t apply to the processing of personal data of deceased persons or of legal entities. The rules don’t apply to data processed by an individual for purely personal reasons or for activities carried out in one's home, provided there is no connection to a professional or commercial activity. When an individual uses personal data outside the personal sphere, for socio-cultural or financial activities, for example, then the data protection law has to be respected.
How does it work?
The data controller determines the purposes for which and the means by which personal data is processed. So, if your company/organisation decides ‘why’ and ‘how’ the personal data should be processed, it is the data controller.
The data processor processes personal data only on behalf of the controller. The data processor is usually a third party external to the company.
If your company is a small or medium-sized enterprise ('SME') that processes personal data as described above, you have to comply with the GDPR. However, if processing personal data isn’t a core part of your business and your activity doesn't create risks for individuals, then some obligations of the GDPR will not apply to you.
What are the benefits?
New rules should boost consumer confidence and in turn business itself.
> It's a matter of trust …
As consumers become better informed, they expect more transparency and responsiveness from the stewards of their data. A lack of trust in old data protection rules held back the digital economy and quite possibly your business.
> helping business boom...
One set of rules applies for all companies processing data in the EU. That way, doing business gets easier and fairer. The new system keeps costs down and will help business grow.
With the appropriate compliance framework in place, not only will you be able to avoid significant fines and reputational damage, you will also be able to show customers that you are trustworthy and responsible, and derive added value from the data you hold.
The GDPR came into force on 24 May 2016, allowing a grace period of two (2) years, and will apply from 25 May 2018 for all member states of the EU, without the need for local legislation and by abolishing existing regulations.
Constituting the biggest change in EU data protection legislation over the past 20 years, it aims to bridge the gap between technological developments and the regulatory framework to meet the new challenges of the IoT and cloud networking.
Having implemented numerous networking and control systems projects, employing experts in the latest coding and digital security technologies, we offer professional support throughout all the stages of compliance of your business / organization with the new regulatory framework:
By choosing our services, not only do you comply with the GDPR, but you also substantially upgrade your activities. Increase efficiency, secure your digital infrastructure, and enhance your company's or organization's outward orientation, transparency, and reliability with data management systems made by futuresimple.