GDPR is a new regulation created by the European Council, the European Parliament and the European Commission to strengthen and unify data protection for every individual living within the territory of the European Union. It was introduced on April 27, 2016 and comes into effect on May 25, 2018; once in effect, it will immediately replace the current UK Data Protection Act 1998.
It mainly governs the way governments, public-sector bodies and businesses collect, share and use the data of residents of the EU. Organisations that receive data of EU residents have to build a data protection strategy into their infrastructure; otherwise they risk very serious penalties. The key requirements of GDPR are as follows:
- Every company must be able to identify, safeguard, categorise and report the PII (personally identifiable information) of EU citizens.
- Regulators can request an information governance report detailing the PII held, the reason for storing it, the purpose for which it is used, the medium on which it is stored, how it is processed, how it is categorised and who it can be shared with.
- No unauthorised person may access or leak PII, and any breach that happens will attract a serious fine.
- The regulator will impose substantial fines on those who fail to provide the PII report and on those who suffer data leakage.
Important Questions Related To GDPR
Q: Does GDPR still matter if the UK leaves the European Union?
Ans: The UK will not leave the EU until 2019. That means that when GDPR comes into effect, the UK will still be in the EU. There is a chance that the ICO (the UK Information Commissioner's Office) will decide to enforce new rules of its own, though. In practice, GDPR reaches much further than the UK: every business that deals with the EU will need to follow these regulations or risk being barred from offering goods or services to Europe. For UK-based organisations, however, that hardly matters, as the ICO may well enforce GDPR anyway.
Q: Who will enforce it and when?
Ans: In the United Kingdom, the regulator will be the ICO, so we can expect it to be the authority that enforces GDPR. Recently, in June 2017, the ICO fined an organisation, Gloucester City Council, £100,000 for leaving personal data vulnerable to cyber attacks. The incident took place in 2014, when an attacker exploited a weakness in the council's website and more than 30 thousand emails were downloaded from the council's mailboxes. That fine was imposed under the Data Protection Act 1998.
The DPA was implemented under an EU directive, and GDPR is essentially an extension and update of that law. So the ICO is expected to keep doing what it was doing before GDPR came into force, but with higher fines. Once GDPR is in effect, companies can be fined up to €20 million or 4 percent of their international turnover, whichever is higher.
Things You Should Know About GDPR
Important figures and facts about GDPR
- Data stored on EU residents must only be used for the purposes agreed at the time of collection. This covers addresses, telephone numbers, email addresses, names, social media updates, IP addresses and pictures.
- Companies must honour a right to erasure on an individual's request; this right was not available under the previous Data Protection directive.
- Data has to be portable in widely used file formats.
- Workflows and processes have to be redesigned to build in privacy by design.
- All types of organisation are expected to appoint a data protection officer, who will answer the questions put by the data protection authorities.
- A data breach has to be reported within 72 hours of learning of it, and the report should be addressed to the data subjects, the regulators and the data controllers.
- The data controller is the party who defines the purpose for which data is used and the way it is processed.
- The data processor is not employed or hired by the data controller; it is a third party that manages, retrieves, shares, discloses or adapts data for the data controller.
- The breach notification must at least describe the nature of the breach, its severity, the contact details of the data protection officer, the likely consequences of the breach and the way it is being dealt with.
GDPR makes no provision for any specific accreditation or certification, which means companies will find it hard to demonstrate compliance with GDPR. So if an organisation loses or leaks the PII of an EU resident, the responsible data protection authority (such as the ICO in the UK) will examine the workflows, security and processes that were in place to protect the PII of EU residents when deciding the size of the fine.