Why GDPR is good for you?

Posted on July 14, 2019 by johnbun

The General Data Protection Regulation, or GDPR for short, is a major new European privacy law that went into effect on May 25. GDPR will radically change the relationship with the organisations that store and process your data.

GDPR was a logical answer to the digitalisation of our society and economy in which personal data became a product gathered by companies offering free internet services such as Google, Facebook and Instagram. Those companies became the largest companies in the world just by selling our personal data to businesses which are using this to influence our behaviour and buying by presenting us targeted messages and advertisements.

GDPR gives you back the ownership over your personal data. The value and respect for your personal data protection is now regulated by law.

It means companies have to

request consent for gathering and processing your personal data (cookie and privacy notices)
protect your personal data (security)
request companies to access, modify or delete your personal data

To request access, modification or deletion of your personal data, you can use the tools on the following site: https://www.mydatadoneright.eu

Building trust in the digital world: EU General Data Protection Regulation

Posted on December 25, 2015 by johnbun

Schermafbeelding 2015-12-25 om 19.25.36

Why?

Bruce Schneier – Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.”^[1]

To protect rights of European individuals the EU has agreed on a new EU General Data Protection Regulation. European citizens will get a whole new set of rights:

the right to be “forgotten”,
the right to data portability,
the right to object to profiling and
a strengthened right to prior notification before data collection

This new EU regulation will assist companies in respecting information of the people they are working with. Organizations will be accountable to incorporate these rights into their daily business practices, if they are not already.

When?

Political agreement on the General Data Protection Ruling was reached on 15 December 2015. It will replace the existing Directive 95/46/EC. It should be formally adopted in 2016 and come into force in 2018. The agreed text is here.

What?

The new ruling concerns personal data of all citizens of Europe and applies to organizations established in the Europe and also to organizations outside Europe that deal with data of European citizens.

How?

Companies controlling and processing personal European data must not only comply but also be able to demonstrate they comply, e.g. through the use of policies and privacy impact assessments and compliance to new data security requirements including:

additional obligations for contracts
use of encryption,
back up and security testing

Organizations with more than 250 employees must also appoint a data protection officer.

Data breaches must be reported to the Supervisory Authority within 72 hours as soon as a company becomes aware of a data breach. Potential impacted individuals also have to be notified.

The sanctions for breach of the General Data Protection Regulation are significant. Regulators can impose fines of up to 4% of total annual worldwide turnover or €20,000,000. This is regardless if you’re a Google or a 1-person consultancy, in both cases violating this law will hurt your business’ bottom line.

So don’t hesitate to prepare implementation, build your policy, start with assessments and protect the personal data in your company.

References

[1] “The Value of Privacy by Bruce Schneier”. Schneier.com. Retrieved 2015-02-09.

[2] The Trouble with European Data Protection Law, Bert-Jaap Koops, Tilburg University, TILT e.j.koops@uvt.nl

Continue reading →

John Bun

Compliance Management//Data Privacy// IT Service Management // IT Governance // IT Audit // IT Risk Management // IT Security // LEAN // Lifehacking

Category Archives: data privacy