What is it?
The General Data Protection Regulation, aka GDPR, is a new regulation enacted by the EU on April 2016 and which is going to be in force within 4 months (May 2018). It is considered to be one of the most revolutionary law revisions. This is because it is going to influence the entire regime of privacy data protection laws and to impose onerous requirements upon the holders and processors of such data.
In this article we will review the salient sections in the GDPR and discuss their implications.
The main aim of the GDPR is to strengthen and unify data protection rules so that subjects (the people upon whom the information is related or collected) will have much more control over their personal data.
The GDPR will apply on both the holder of the data (known as the “Controller”), the processor of the data (ie, cloud service providers) if the data relates to individuals who reside in the EU (including Switzerland, Norway etc.).
This means that even if the controller/processor are based outside of the EU but the data they hold relates to EU residents then they will be subject to the GDPR.
Why is it so dramatic?
GDPR replaces regulations which are more than 20 year of age.
There are many conceptual changes and new obligations to which businesses can be subject to and which are new.
Here are some examples:
The fast pace of technological developments is reflected in the wider definition of personal data under GDPR. This includes any data which is personal by its nature (such as name and address etc) but also location data, identifiers and any genetic data, biometric data (ie facial recognition and fingerprinting).
Not only personal data must be protected but also pseudonymous (ie, encryption of data like in the case of whatsApp).
What are the practical changes?
These can be divided into 2: Rights of the subjects and obligations on the businesses (controllers / processors).
As regards to subjects, they now have much more control regarding the Data collected. These include:
So what are my obligations from now on?
So what do I need to do?
Given that there is less than 6 months before the deadline for compliance, organizations absolutely must begin preparing immediately. There are several areas that are high priorities for action.
For more information please contact Porat Group with your specific questions.