General Data Protection Regulation
Information has become a valuable commodity and, like all valuables, it has to be safeguarded and protected.
The General Data Protection Regulation (GDPR) is the European Union’s new law on data privacy, which comes into effect on 25 May 2018. Click here for the complete regulation.
GDPR provides citizens of the EU control over their personal data and changes the way privacy is handled by organizations across the world.
Personal Data – Information that directly or indirectly identifies a living person (‘data subject’) through an ID number or their physical, mental, economic, cultural or social identity
Sensitive Personal Data – Health, race/ethnicity, religious/philosophical opinions, trade union membership, political opinions, sexual life/orientation, genetic/biometric data, criminal convictions/history
Processing – Automatic or manual operations performed on personal data – collecting, recording, organizing, storing, accessing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, making available, aligning, combining, blocking, deleting, erasing or destroying
Data Controller – Organisation that determines the purpose and manner of processing personal data
Data Processor – Organisation that processes personal data for the data controller
Basic Principles
Increased Scope
The regulation applies not only to businesses and organizations operating in Europe but also to those ‘processing the personal data’ of people living in the European Union, which covers most websites around the world.
Consent
Everyone must consent to data collection. This also applies to background data such as IP address if it’s used to identify an individual.
Right to Access
Individuals will have the right to know what data has been collected and how it is used.
Right to be Forgotten
An individual will have the right to have their data deleted.
Privacy by Design
This means that data privacy is a fundamental part of the design of the system.
Who is affected by GDPR?
The GDPR applies to any organization, regardless of whether it is geographically in the EU, if it offers goods or services to, or monitors the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of the company’s location.
Ex.: The GDPR applies to a company in Dubai if the company captures, stores and processes data of EU subjects such as customers or suppliers from the EU. It may also apply to personal blogs if there are blog subscribers from the EU.
What if we don’t comply?
Organizations can be penalized up to 4% of annual income or €20 million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having enough customer consent to process data or violating the core of Privacy by Design concepts. More information on this at GDPR FAQ.
We are in the process of ensuring compliance to GDPR and will inform our readers/subscribers of actions that will be taken.