GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The regulation also governs the export of personal data outside the EU.
The GDPR was approved by the EU Parliament on 14 April 2016 and came into force on 25 May 2018. It replaces the Data Protection Directive 95/46/EC.
Why was GDPR introduced? Its purpose is to harmonize data privacy laws across Europe and, most importantly, to protect the personal data and privacy of EU citizens.
What is classed as sensitive data and information in this context? It includes a person’s name, age, race, ethnicity, political opinions, religious beliefs, sex and gender, physical and mental health, criminal records and so forth. Web data includes information such as IP address, location, web browser, cookie data and RFID tags.
Does this regulation affect my company or business? If your company collects, stores or processes personal information of EU citizens, you are required to comply. If your company meets any of these criteria, you are required to comply:
- Company established in an EU country
- Not a company in the EU, but handles and processes data of EU citizens
- Company with more than 250 employees
- Company with fewer than 250 employees, but whose data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.
What can my company do to be in compliance with this regulation?
First of all, how big is your company? If it has fewer than 250 employees, you do not have to comply with all GDPR rules. You do not have to document why personal data is being collected and processed, what information you are storing, or for how long. Smaller companies are not required to maintain a record of processing activities.
- Educate the employees who are in any way involved in processing personal data and information. This includes staff who enter an EU client’s personal data into your company’s system.
- Use tools that ensure privacy. Check with your IT staff that the tools your company uses are fully secure and fit for the work.
- Review your company’s IT systems and procedures to check that they are up to date and comply with the GDPR requirements for privacy, and to ensure that your company processes only the minimum personal data necessary.
- Consider hiring a DPO (Data Protection Officer); however, this is not mandatory, especially for smaller companies.
Are you GDPR compliant? GDPR requires all companies to comply by 25 May 2018; otherwise you will face fines and penalties of up to €20 million. So get your company and employees prepared for GDPR if you have not already complied with this regulation.