December 27, 2017

GDPR: At a Glance

What is GDPR and when does enforcement begin?

The General Data Protection Regulation (GDPR) is a new piece of legislation adopted by the European parliament and council to bring greater strength and consistency to the data protection of individuals living within the European Union. Enforcement for this new legislation begins on Friday, May 25, 2018.

Why does GDPR matter?

GDPR matters because it will increase the level of protection that individuals will have when it comes to how their data is collected, stored, processed, and used. In fact, companies that do not legally comply with this regulation could face fines of up to $24 million or 4% of their global turnover, depending on the precise nature of the offense.

Who needs to comply?

The following organizations must comply with GDPR:

• Organizations operating within the European Union (EU), including those operating within the EU but registered elsewhere.
• Organizations that offer services to individuals living with the EU.
• Organizations that handle, process, or store the personal data of any individual living within the EU.
• Organizations with equipment located in the EU.

What rights do individuals have?

• The right to be informed. This emphasizes the need for transparency about how their personal data will be processed and used.
• The right of access. Individuals will have access to their personal data and be able to obtain confirmation that their data is being used.
• The right to rectification. Individuals will be able to have their personal data corrected if it is inaccurate or incomplete.
• The right to erasure, also known as the right to be forgotten. Individuals will be able to request the deletion or removal of their personal data.
• Rights in relation to automated decision making and profiling. Individuals will be protected against decisions made without human intervention, that could be damaging to them.
• The right to data portability. Individuals will be permitted to obtain and reuse data for their own purposes.
• The right to object. Individuals will be able to object against the use of their personal data for direct marketing or for the purposes of marketing profiling or research.
• The right to restrict processing. Though organizations can store personal data, they will not be able to use it any further if an individual suppresses the usage of their personal data.

How do I comply?

• Organizations will be required to comply as soon as the legislation comes into effect in May 2018. It is essential that they prepare in advance to ensure they meet all requirements. To ensure concerns are addressed and issues resolved, it is best to consult with legal counsel and a reputable information security expert.