What is the GDPR?
Learn about the new data protection law of the European Union
Learn everything you need to know about the new data protection law of the European Union, which takes effect on 25 May 2018.
What is the GDPR?
If you read news on the Internet, you have most likely read about the GDPR.
The General Data Protection Regulation (GDPR) is the new legal framework in the European Union that will replace the current Data Protection Directive. The most important difference between the two is the difference between a regulation and a directive. The GDPR is a Regulation (2016/679) that seeks to guarantee the privacy of European citizens on the Internet. It focuses on protecting the personal data of data subjects: it strengthens their ability to decide about their own data, requires transparency about how that data is collected and used, and ensures that companies comply with the established rules through severe fines. It replaces the Data Protection Directive of 1995 (95/46).
Unlike directives, which are recommendations to consider and are not legally binding, regulations are laws and make companies legally responsible. This means that the GDPR is a law and, as such, must be complied with by all European member states, whereas the previous Data Protection Directive was not.
A regulation leaves no room for interpretation; rather, it is a set of rules that must be followed.
What is happening?
The General Data Protection Regulation (GDPR) will take effect in the European Union.
By now you have surely heard about the GDPR, but perhaps you do not know the details. The most important thing to know is that GDPR penalties can be up to 10 million euros. This means that companies need to start evaluating soon how they will be affected by the regulation, and to be prepared.
Whom does the GDPR affect?
The Regulation protects European citizens not only when they interact with companies located in the European Union, but also when their data is exported to third countries. That is to say: if a European buys from an online store located in the United States, the merchant must comply with the European rules even though it operates from outside the EU. The focus is on the user.
How does the GDPR affect you as a user?
As a user, you will have to give explicit consent to the companies you interact with. Any consent that has been granted can be revoked at any time, and the user will even have the right to be forgotten (called the right to erasure), being able to request, through the appropriate procedures, that the removal of certain information about them on the Internet be considered.
Additionally, the user will be able to ask companies for a copy of all the data they hold about them, and the companies must provide it in an exportable format that the user can easily read. This information must explain the details of how the data is processed, with whom it is shared, and how it was collected.
How does the GDPR affect you as a company?
Companies will need explicit consent from their clients or users to obtain, process and use their personal data, and above all must keep control of the data life cycle, knowing at every moment where the data is and where it passes through.
If the users are under 16 years old, explicit consent from their parents or legal guardians will be needed to collect their data.
When the volume of data that the company collects reaches a certain threshold, a responsible person (Data Protection Officer, DPO) must be appointed to answer to its clients within 72 hours in case of related problems, such as data leaks.
How to comply with the GDPR?
Complying with this regulation is far from easy. Many companies, especially SMEs, do not know what is behind their website, since it has almost always been outsourced to web design companies. This prevents them from knowing exactly what information their website is collecting, whether it uses cookies, or whether it stores information about its visitors in some form. It is recommended to carry out a Privacy Impact Assessment (PIA) and a Data Protection Impact Assessment (DPIA) to find out what the company is currently doing with the data of its clients and users.
To whom does the GDPR apply?
The GDPR applies to:
- Organizations with a physical presence in at least one Member State of the European Union.
- Organizations that process or store data on individuals who reside in the European Union.
- Organizations that use third-party services that process or store information on individuals who reside in the European Union.
Therefore, if you reside in the European Union or work with an organization that has employees or clients in the European Union, it is very likely that you are covered by the GDPR.
Which rights does the GDPR establish?
- Right to be informed: Provides transparency about how your personal data is used.
- Right of access: Provides access to your data, to how it is used, and to any additional information that may be used together with your data.
- Right to rectification: Grants the right to have your personal data rectified if it is incorrect or incomplete.
- Right to erasure (or right to be forgotten, or right of deletion): The right to have personal data removed from any place if there is no compelling reason for it to be stored.
- Right to restriction of processing: Allows the data to be stored, but not processed. For example, you can invoke this right if you feel that erroneous data about you is being stored while it awaits correction.
- Right to data portability: You can request copies of the information stored about you, to use elsewhere. This is the case, for example, if you apply for financial products from different organizations.
- Right to object: Grants the right to object to the processing of your data. An example would be objecting to your data being used by direct marketing organizations.
- Rights related to automated profiling and decision making: Allows you to object to automated decisions made on your personal data. Automated means without human intervention. For example, the determination of certain online purchasing habits based on previous behavior.
What comes next?
Now that you know the basic concepts behind the GDPR, you can begin to evaluate the steps your organization must take to comply with the regulation.
Links to important information on the regulation (some are in English):