GDPR (General Data Protection Regulation) is a European Union regulation designed to increase the protection of EU citizens’ personal data. It applies to, and is compulsory for, all organizations that collect, process or store the personal data of Europeans. It has been in effect since May 25th 2018. The aim of GDPR is to protect the personal data of EU citizens.
Who is obliged to comply with GDPR?
The obligation to meet the personal data protection requirements of the GDPR regulation applies to every individual entrepreneur, business and organisation that collects, processes or stores the personal data of citizens of the European Union. This concerns not only European companies but also any non-European company or organization that operates on the European market.
Since every company that employs people processes personal data, this requirement applies to virtually all business entities.
What data is covered by GDPR?
GDPR applies to any personal data of any person that an organization collects:
- Personal data of employees
- Customers’ personal data
- Personal data of suppliers
- Personal data of other people
GDPR broadens the general notion of personal data. It considers the following to be personal data:
- Name and surname
- Age and date of birth
- Marital status
- E-mail address
- Telephone number
- State-issued identification information (e.g. social security number, ID card number, passport number, etc.)
- IP address
- Other sensitive data, including genetic and biometric data (this list is continually refined)
What does GDPR mean for companies and organizations?
By May 25th 2018 all companies must have revised their processes, procedures and the records, applications or information systems they use to keep people’s personal data. Firms must implement organizational, procedural and technical measures in order to demonstrate compliance with the requirements of GDPR. They must:
- prove that they keep only the data necessary for a particular purpose
- demonstrate how they treat personal information throughout its processing
- keep data in a secure and verifiable manner, and demonstrate who has access to it
- in the event of a security breach (in other words, a leak of personal information), notify the responsible body
If the organization does not have an appropriate information system, this will mean a substantial administrative burden. Organizations of a certain size are required to establish the independent position of a DPO (Data Protection Officer), whose task is to supervise compliance with the rules for handling personal data.
GDPR introduces heavy fines. A fine can reach up to 4% of total revenue, or up to EUR 20 million.