For the European Commission, the protection of personal data is a key element of the Digital Single Market. This context has driven the creation of the new General Data Protection Regulation (GDPR) for the European Union, which repeals the current personal data protection legislation, published in 1995, when Internet access was not yet widespread. The new Data Protection Regulation enters into force in May 2018, and there is still a lack of knowledge about how it will work and what it implies. In this article, we cover everything you need to know to be ready for the new data protection regulation and to comply with the law.
The most significant and impacting changes in this new regulation are:
Right to be forgotten
Citizens will be able to require companies to delete their personal data. The new regulation allows the personal data of each citizen to be destroyed at that citizen's request.
Right to data portability
Citizens can require companies to provide their personal data in a format that allows it to be transferred to another company. This facilitates migration and makes it easier to switch, for example, to a different TV service provider.
Right of opposition to profiling
Companies' computer systems must be able to record which individuals have objected to automated processing of their data, as is commonly performed in behavioural analysis and in the creation of consumer profiles.
Records and proof of consent
In the online relationship with customers, company systems must present privacy policies in clear and objective language. Each user's consent to the processing of their data must be stored in a form that can be produced as evidence if necessary.
Privacy by default and by design
Data protection must be built into computer applications from the design stage: minimising the processing of personal data, masking data, encrypting it, among other measures.
Obligation to notify
Companies and organisations are responsible for notifying the National Supervisory Authority of data breaches that put individuals at risk, and for communicating all high-risk breaches to the affected citizens as quickly as possible.
How do I know if the new law applies to my business?
The new data protection law applies to any organisation doing business in the European Union, regardless of whether the processing of personal data takes place in the European Union or not, and regardless of whether the personal data concerns EU residents or only visitors.
What happens if I don’t comply with the new data protection regulation?
The penalty regime of the new law is very demanding. For violations of lesser gravity, fines can reach 10 million euros or 2% of global turnover; in the most serious cases, fines can reach 20 million euros or 4% of total turnover.