GDPR Compliance - What you need to know!

Updated: Nov 22, 2020

What is GDPR?

GDPR (General Data Protection Regulation) is an EU regulation that protects the personal data and privacy of EU citizens and covers all transactions that occur within EU member states.

What does GDPR Compliance mean?

Companies that collect data from EU citizens need to comply with GDPR, which protects customer data. A data breach can happen at any time: information can be lost or stolen and viewed by a person who was never intended to see it. Under the terms of GDPR, the organization has to ensure that personal data are collected under strict rules; if it does not, it faces penalties. It is also a challenge for companies because they need the same level of protection for things like an individual's IP address or cookie data as they do for name, address, and Social Security number.

Who is responsible within my company?

Data controller, data processor, and Data Protection Officer (DPO) are the roles responsible for GDPR compliance. The data controller is responsible for how personal data are processed and for the purposes for which they are processed.

The data processor handles the data as instructed by a controller for specific purposes and services offered. The GDPR holds processors liable for breaches or non-compliance. It is also possible to face consequences even when the fault lies with your processing partner, such as a cloud provider. Every company needs to have a DPO if it stores a large amount of EU citizens' data. The DPO is responsible for overseeing the data security strategy and GDPR compliance.

What are the personal data protected under GDPR principles?

Not every piece of information is considered to be personal data, and the GDPR offers a definition of what qualifies as personal data.

Definition (Article 4(1)): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

If you're a controller or processor, a different set of rules applies to processing the special categories of data.

Special categories in personal data

These categories may require additional protection and should not be collected without a good reason.

  • racial or ethnic origin,

  • political opinions,

  • religious or philosophical beliefs,

  • trade union membership,

  • genetic data, biometric data (facial recognition, fingerprints, etc.),

  • health data,

  • sex life and sexual orientation.

You can still process special categories of data under the conditions specified in Article 9.

What should be done when there is a data breach?

According to Article 33:

1. In the case of a personal data breach, the controller needs to notify the supervisory authority within 72 hours. If the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

2. The processor needs to notify the controller without undue delay after becoming aware of a personal data breach.

3. The notification referred to in paragraph 1 shall at least:

-> Describe the nature of the personal data breach

-> Communicate the name and contact details of the DPO

-> Describe the likely consequences of the personal data breach

-> Describe the measures taken or proposed to be taken by the controller to address the personal data breach

4. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

5. (1) The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects, and the remedial action taken.

(2) That documentation shall enable the supervisory authority to verify compliance with this Article.
