Preparations are well underway to make Galooli compliant with the General Data Protection Regulation (GDPR). The GDPR will become an EU law on 25 May 2018 and will apply to all organizations which conduct business with the EU. For those of you who are still perplexed about what this regulation will include and what it's all about, here is a short introduction to the protection of personal data of EU citizens, and how it's going to affect individuals and companies with regard to data collection and privacy.
How will organizations be affected by the GDPR?
The GDPR is one of the most significant pieces of legislation to come out of the European Commission in many years and was subject to a considerable amount of debate prior to its publication in 2016. It is different from the previous Directive in that it is a Regulation. This means that it will become law in all of the member states of the EU at the same time. This contrasts with the previous Directive, which required individual member states to create their own laws to implement it, leading to some variation across members. The objective of the GDPR is not only to protect EU citizens' personal data but also to smooth the flow of data between countries, thereby aiding commerce.
Penalties for non-compliance
Under the GDPR, organizations in breach could be fined up to 4% of annual global turnover or €20 million (whichever one is greater). This is the maximum fine that can be imposed for the most serious infringements.
How will individuals be affected by the GDPR?
Designed to protect individuals and grant them control over their privacy and the data shared with third parties, the new GDPR regulation is based on the following 9 rights:
1. Right for information – Individuals should be notified of what data is collected about them and what it will be used for.
2. Right of access – Data should be easy to reach and open for review.
3. Right to rectification – Individuals are granted the right to have information about them changed/corrected.
4. Right for erasure (right to be forgotten) – An individual can request to have information about him/her removed (if an organization has no legal right to hold it).
5. Right for restriction of processing
6. Right for notification of rectification or erasure
7. Right for data portability – The data subject is allowed to take away the data written about him/her.
8. Right to object
9. Right to object to automated decision making – Mechanisms based on AI and algorithms should take individual requirements into consideration.
When it comes to Galooli and to the effect of the regulation on our current and prospective customers, a complete GDPR-related guide will be published soon.
For further information about the full scope of the GDPR regulation, please refer to the Official Journal of the European Union.