fbpx
ISTOTEXNIKI
WEB SOLUTIONS
gdpr regulations

Information on the Personal Data Act

How will GDPR affect your business?

General instructions & what to watch out for

The General Data Protection Regulation (GDPR) is the European Union's new data protection law. It is designed to allow individuals to have greater control over their personal data and imposes new obligations on organizations that collect, manage or analyze such data, including organizations outside the EU.

The GDPR regulation will come into effect on May 25, 2018, so you need to start preparing now. Prepare for GDPR by following the steps below and discover answers to some very important questions about GDPR and what it might mean for you.

 

What is GDPR?
What are the basic requirements of GDPR?
Does GDPR also apply to my organization?
My organization processes data. How will I know if they are covered by GDPR?
What if my organization is not GDPR compliant?
What is provided for security under the GDPR regulation?
It is stated that organizations must be "transparent". What does this mean;
What is GDPR?

The General Data Protection Regulation (GDPR) is the European Union's new data protection law. It replaces the Data Protection Directive, which has been in place since 1995. Although the GDPR retains many of the principles established by the Directive, it is much more ambitious.

Among its most notable changes, GDPR enables individuals to have greater control over their personal data and imposes many new obligations on organizations that collect, handle or analyze personal data.

The GDPR also gives national lawmakers new powers to impose significant fines on organizations that break the law.

What are the basic requirements of GDPR?

The GDPR imposes a wide range of requirements on organizations that collect or process personal data, including the obligation to comply with six key principles:

Transparency, objectivity and legality regarding the handling and use of personal data

• Limiting the processing of personal data for specified, explicit and legal purposes

• Collection and storage of only the minimum personal data required for a purpose

• Ensuring the accuracy of the data, including the ability to delete and edit it

• Limiting the storage period of personal data

• Ensuring the security, integrity and confidentiality of personal data

Does GDPR also apply to my organization?

The GDPR applies to organizations of all sizes, regardless of industry. In particular, the GDPR applies to the following:

• the processing of each individual's personal data, if the processing takes place in the context of the activities of an organization established in the EU (regardless of where the processing takes place);

• the processing of the personal data of individuals residing in the EU by an organization established outside the EU, if the processing is related to the provision of products or services to those individuals or the monitoring of their behavior.

My organization processes data. How will I know if they are covered by GDPR?

The GDPR governs the collection, storage, use and sharing of “personal data”.

Personal data is broadly defined under the GDPR as any data relating to an identified or identifiable natural person.

This may include information such as IP addresses, sales databases, customer service data, feedback forms and more.

What if my organization is not GDPR compliant?

The fine for serious violations will reach a maximum of 20 million euros or 4% of an organization's global revenue, whichever is greater. The GDPR also gives consumers (and organizations acting on their behalf) the ability to bring civil legal proceedings against organizations that breach the GDPR.

What is provided for security under the GDPR regulation?

Under the GDPR, your organization is required to take measures to keep your personal data secure. These measures include “organizational measures”, such as limiting the number of people within your organization who can gain access to personal data, and “technical measures”, such as encryption.

The GDPR does not specify or mandate the exact security measures that organizations must take. Instead, you are responsible for determining what security measures you need to take based on factors such as the nature of the personal data you collect, its sensitivity and the risks involved in processing it.

There are many types of security risks to consider. Common risks include physical intrusion, employee misconduct, accidental data loss, and cyber attackers. Developing a risk management program and taking risk mitigation steps such as password protection, audit logs, and implementing encryption procedures can help ensure compliance.

It is stated that organizations must be "transparent". What does this mean;

It means you must provide honest and clear explanations of why and how individuals' data is processed. The GDPR contains detailed information about the information you must provide to individuals about the processing of personal data and this includes, but is not limited to, information on the following:

• The reason for which you are processing the personal data,

• The duration of storage of this data (or the criteria for determining the duration of data storage),

• The individuals or organizations with whom the personal data will be shared and

• Whether personal data will be transferred outside the European Economic Area.

You must present this information in a clear and easily accessible manner. For this reason, it is a good idea to carefully review your disclosures against GDPR requirements.

Technical changes that may be needed

  • Check that the setting to automatically download newsletters from your website/e-shop is not selected by default.
  • If there is no text mentioned in the privacy policy, fill it in so that it is used when accepting cookies.
  • If you don't have a cookie update notification, install one. For WordPress see here, while for Opencart here.
  • In the text of the privacy policy, explicitly state the possibility of contacting the administrator of the website/e-shop for possible processing or deletion of user data.

GDPR Extensions

In case you want an automated solution, there are already extensions that can help you.

If you have a website in WordPress you click here.

If you have an e-shop in Opencart you click here.

Privacy policy

Individuals have the following rights:

-To access and export their personal data

- To delete their personal data

- To correct errors in their personal data

-To object to processing

Controls

Companies and organizations must:

- To protect personal data by taking appropriate security measures

-Notify the authorities of personal data breaches

-To obtain consent for the collection and processing of personal data

-Keep records that will provide detailed information on data processing activities

IT and education

Companies and organizations should:

- To train employees in the best practices for the protection of personal data and security

-Check and update data protection policies

- Appoint a Data Protection Officer, if necessary

-Conduct and manage contracts with suppliers that comply with the regulation

Transparency

Companies and organizations must implement policies which:

-They will provide clear disclosure about data collection

- They will describe the reason and cases of personal data processing

-They will define data retention and deletion policies

ΚΛΕΙΣΙΜΟ