General Data Protection Regulation 2016/679 (GDPR)
The new Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC effective May 25, 2018. The GDPR is directly applicable in each member state and will lead to a greater degree of data protection harmonization across European Union nations.
Although some companies have already adopted privacy processes and procedures consistent with the previous Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant organizations (Controllers and Processors).
But the compliance alone is not enough; Controllers and Processors will also have to demonstrate their compliance and prove that they are taking data protection seriously by implementing a range of accountability measures such as Privacy Impact Assessments, data protection audits and security policy reviews.
The new General Data Protection Regulation is governed by the following pillars:
- Consent of individuals
- Technology Independency
- Concern all process types of Personal Data
- Impact Assessment(s)
- A Regulation for all Europe
The full text of the regulation can be viewed or downloaded from this link
The Regulation in its application will have operational impacts
to the companies. That’s why Data Controllers and Processors are good to know what the companies must do
to comply. For that reason, Netbull methodology
has been developed to help companies’ compliance with the Regulation.
THE OPERATIONAL IMPACTS
There are significant changes to Europe’s data protection regime under the GDPR, but the introduction of heightened fines and a robust enforcement mechanism suggest that the Regulation’s provisions should be taken seriously.
WHAT THE COMPANIES MUST DO?
With new obligations on such matters as data subject consent, data anonymization, breach notification, trans-border data transfers, and appointment of Data Protection Officer (DPO), to name a few, the GDPR requires companies handling EU citizens’ data to undertake major operational reform.
Our company is specialized in information security and has a holistic approach to the GDPR compliance of companies that collect, maintain and process personal data. The approach contains assessment services, implementation of technological measures and monitoring of security systems on 24 hour basis.
To understand the terms of the regulation, you can see the definitions of GPRS.