Citizens of European Union (EU) member states enjoy robust personal data protection rights. These rights are defined in the EU General Data Protection Regulation (GDPR), which any business that processes or comes into contact with EU citizens’ data must follow.
The EU’s General Data Protection Regulation (GDPR) is one step in the crusade to strengthen citizens’ fundamental rights in the digital age. Therefore, it’s essential for companies to abide by GDPR when handling EU and EEA citizens’ private data. Failure to do so results in severe ramifications.
Data protection is already confusing, compounded by the fact that regulators constantly play a game of catch up with emerging technologies.
When it comes to newly introduced regulations, lawmakers gave organizations time to transition into the new norms. Unfortunately, that transition time is up; the maximum fine for GDPR non-compliance has already been issued to many European multi-nationals. However, SMEs are not hidden from the gaze of the regulator.
What separates the General Data Protection Regulation (GDPR) from its predecessors is its ability to recognize how the data landscape has changed over the past two decades. One way the regulation has accomplished that is by combining privacy protection with modern-day data processing techniques. And it has done so primarily through its recognition of special categories of data. The GDPR Special Categories of Data is a subsection of personal data that regulators have deemed as extra sensitive. This subsection of personal data requires additional security measures that ensure the privacy of the subject being processed.
There is a special feeling when launching a new project. It is exciting, a little nerve-racking, but always bursting with potential.
Your company might be going through a similar process and feeling. But you might be unsure about the privacy implications. You might wonder, is a DPIA required under GDPR?
Let’s set the stage. It’s 5 pm at the end of a workday; you’re ready to clock off when all of a sudden you get a ping on your phone advising you of a potential security event… what next?
The first thing: do not panic. Ascertain what the event was about, and if there is evidence of a breach, act.
The GDPR data breach reporting timeline gives your organization 72 hours to report a data breach to the relevant supervisory authority.
Issuing a sell-by-date on food products protects consumer health. Issuing a data deletion policy protects consumers’ privacy.
Many businesses are asking: how long can you store data under GDPR? Like the regulation regarding sell-by-dates, EU regulators have stated that the personal data you hold must have a shelf-life.
Data protection authorities have been cracking down on GDPR breaches, and experts are not exempt from regulators’ gaze.