ISTOTEXNIKI

Information about the personal data law

How will the GDPR affect your business?

General instructions & what to look out for

The General Data Protection Regulation (GDPR) is the new data protection law of the European Union. It is designed to allow individuals to have more control over their personal data and imposes new obligations on organizations that collect, manage or analyze such data, including non-EU organizations.

The GDPR will enter into force on May 25, 2018, so you need to start preparing now. Prepare for the GDPR by following these steps and find answers to some very important questions about the regulation and why it matters to you.


What is the GDPR?
What are the key requirements of the GDPR?
Does the GDPR also apply to my organization?
My organization processes data. How will I know if it is covered by the GDPR?
What happens if my organization does not comply with the GDPR?
What does the GDPR provide for security?
It states that organizations must be "transparent". What does this mean?
What is the GDPR?

The General Data Protection Regulation (GDPR) is the new data protection law of the European Union. It replaces the Data Protection Directive, which has been in force since 1995. Although the GDPR retains many of the principles established by the Directive, it is much more ambitious.

Among its most notable changes, the GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle or analyze personal data.

The GDPR also gives national regulators new powers to impose significant fines on organizations that break the law.

What are the key requirements of the GDPR?

The GDPR imposes a wide range of requirements on organizations that collect or process personal data, as well as the obligation to comply with six basic principles:

• Lawfulness, fairness and transparency in the handling and use of personal data

• Restriction of the processing of personal data to specified, explicit and legitimate purposes

• Collection and storage of only the minimum personal data required for a purpose

• Ensuring the accuracy of the data, including the ability to erase and rectify them

• Limiting the storage period of personal data

• Ensuring the security, integrity and confidentiality of personal data

Does the GDPR also apply to my organization?

The GDPR applies to organizations of all sizes, regardless of industry. In particular, the GDPR Regulation applies to the following:

• the processing of any person's personal data, if the processing takes place in the context of the activities of an organization established in the EU (regardless of where the processing takes place),

• the processing of personal data of persons residing in the EU by an organization established outside the EU, if the processing is related to the provision of products or services to those persons or the monitoring of their conduct.

My organization processes data. How will I know if it is covered by the GDPR?

The GDPR governs the collection, storage, use and sharing of "personal data".

Personal data is broadly defined in the GDPR as any data relating to an identified or identifiable natural person.

These may include information such as IP addresses, sales databases, customer service data, comment forms, and more.

What happens if my organization does not comply with the GDPR?

Fines for serious violations can reach up to 20 million euros or 4% of an organization's global revenue, whichever is higher. The GDPR also gives consumers (and organizations acting on their behalf) the right to take civil action against organizations that violate the GDPR.

What does the GDPR provide for security?

Under the GDPR, your organization is obliged to take measures to maintain the security of the personal data it processes. These measures include "organizational measures", such as limiting the number of people within your organization who can access personal data, and "technical measures", such as encryption.

The GDPR does not specify or impose the exact security measures that organizations must take. Instead, you have to determine which security measures to take based on factors such as the nature of the personal data you collect, its sensitivity, and the risks involved in processing it.

There are many types of security risks to consider. Common risks include physical intrusion, employee misconduct, accidental data loss and cybercriminals. Developing a risk management program and taking risk mitigation steps, such as password protection, audit logs, and encryption procedures, can help ensure compliance.

It states that organizations must be "transparent". What does this mean?

It means that you have to provide honest and clear explanations of why and how individuals' data is processed. The GDPR sets out in detail the information you must provide to individuals about the processing of their personal data, which includes, but is not limited to, information on:

• The reason why you process personal data,

• The duration of storage of this data (or the criteria for determining the duration of data storage),

• The individuals or organizations with whom the personal data will be shared and

• Whether personal data will be transferred outside the European Economic Area.

You must present this information in a clear and easily accessible manner. For this reason, it is a good idea to carefully review your disclosures against the requirements of the GDPR.

Technical changes that may be needed

• Check that automatic subscription to newsletters from your website / e-shop is not enabled by default.

• If there is no text referring to the privacy policy, write one so that it can be referenced when cookies are accepted.

• If you do not have a cookie consent notification, install one. For WordPress see here, and for Opencart see here.

• In the text of the privacy policy, explicitly mention the possibility of contacting the administrator of the website / e-shop to request editing or deletion of user data.

GDPR Extensions

In case you want an automated solution, there are already extensions that can help you.

If you have a website on WordPress click here.

If you have an e-shop in Opencart click here.

Privacy policy

Individuals have the following rights:

- Access and export their personal data

- Delete their personal data

- Correct errors in their personal data

- Object to the processing

Checks

Companies and organizations must:

- Protect personal data by taking appropriate security measures

- Notify the authorities of personal data breaches

- Obtain consent for the collection and processing of personal data

- Maintain records that provide detailed information on data processing activities

IT and education

Companies and organizations should:

- Train employees in best practices for personal data protection and security

- Review and communicate data protection policies

- Appoint a Data Protection Officer, if required

- Conclude and manage contracts with suppliers that comply with the regulation

Transparency

Companies and organizations must implement policies that:

- Provide clear disclosure of data collection

- Describe the purpose and the circumstances of processing personal data

- Define data retention and deletion policies
