The General Data Protection Regulation (GDPR) is a revolutionary change in Data Protection and will in all likelihood become the de-facto gold standard for Data Protection regulation globally. This regulation was adopted on April 14th 2016 and after two years it was finally enforced on 25th May 2018 The two most significant areas in the regulation relating to Accountability and Enforcement.
- Accountability: The GDPR requires that the controller is responsible for making sure all privacy principles are adhered to. Moreover, the GDPR requires that your organization can demonstrate compliance with all the principles.
- Enforcement: The member state Data Protection Authorities (DPAs) must rigorously enforce the Regulation by issuing substantive penalties where organizations cannot adequately evidence compliance with the GDPR accountability principle. The main task of these National authorities to monitor the application of the Regulation, in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the Union.
There are many organizations such as those in finance and healthcare sectors, these organizations are already familiar with dealing with regulatory requirements. However, many other industries are bound to struggle with the implementation of these regulations. The enforcement day of May 25th, 2018 is approaching quickly, and action needs to be taken by organizations within the scope of the GDPR. They can hire someone who is an expert and has gdpr certification to tackle these things.
The important changes in the General Data Protection Regulation are:
- It applies to data controllers and data processors operating in the EU and those companies which process the personal data of data subjects residing in the Union, regardless of the company’s location.
- Consent statements must be as easy to revoke as it is to give; consent for minors must be given by their parents or guardians.
- All individuals must have the right to revoke and erase their data without any delay and without any additional cost
- The individual has the right to transfer his data from one controller to the other controller.
- Data controllers and data processors who are responsible for handling the data will be held responsible in case of all breaches.
- Privacy must be made a priority for all businesses and shall be included in the systems and processes by design.
|PHASE I: Prepare||
|PHASE II: Operate
|PHASE III: Maintain