What Is The Big Shift In Business Industry In Terms Of GDPR?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

Indeed, the obligations resulting from the GDPR induce a profound change in the way personal data is managed and protected. This applies to all companies that host or register data from European residents or organizations within the EU.

Cyber Attacks: Risks for People and Societies

With the daily use of social networks, online administrative platforms, Internet banking and the emergence of connected objects, our data is everywhere on the Web.

Personal data are defined by Article 4 of the GDPR. By this broad definition, the GDPR touches a large number of public and corporate infrastructures. The goal is clear: to protect individuals from cybercrime.

Indeed, computer attackers are fond of online services, which are often susceptible to security vulnerabilities. Using various methods, malicious hackers retrieve lists of bank details, service account identifiers, and even information subject to professional secrecy. For companies, one major reason pushes them to adopt the GDPR regulation: heavy penalties.

Jean-Christophe Lecosse, director general of CNRFID, declared to objetconnecte.com: “It should be noted that companies implementing solutions that do not comply with these regulations may be penalized by 4% of their worldwide turnover. This is an extreme novelty and the sanction is particularly strong for large groups. This is one of the issues we are very attentive to […]”.

While the CNRFID is the organization that promotes contactless technologies, it nonetheless remains one of the actors in this change: “We are the administrators of the web platform in Europe where solution manufacturers can register the features of their products to protect privacy.”

In the words of the Director General, two notions emerge that are often found in law: sanctions and control. Both are reinforced by the GDPR. Control will be exercised by the countries, the EU and the companies themselves. For these private organizations, non-compliance with the GDPR may lead to a financial penalty equivalent to 4% of their worldwide turnover or 20 million euros.

Important points of the GDPR regulations

The GDPR is of real interest to the citizens of the 28 member countries of the EU. It strengthens information on the use of data, standardises data protection regulations and introduces the right to be forgotten at European level. In addition, Internet users and users of services involving personal data may request the portability of their personal data from one service to another.

For their part, companies with more than 250 employees whose core business is to process personal data on a large scale are obliged to appoint a Data Protection Officer and representatives. These managers will be responsible for monitoring compliance with the GDPR and advising the Chief Protection Officer on possible applications. They are also the “interface” between the company and the regulatory body. In this context, they must ensure that personal data is secure by default, whether it comes from customers or from employees.

This notion of “Privacy by Design” then becomes essential and requires a reorganization of the data record. Managers will need to ensure that data is secure, whether it is hosted on their IT system or in the cloud. In case of loss, theft, corruption or modification, companies have 72 hours to notify the authority of their country. If the problem affects a particular individual, that individual will also receive a notification within the same period of 3 days.

Before these notifications, the data flows and the various processing operations must be recorded. The competent GDPR authorities must be able to consult the various operations in an up-to-date register that follows the rules defined in the text.

Website operators must be vigilant

The General Data Protection Regulation contains practically no explicit rules for e-commerce, web design services or web development companies. Rather, it lays down general principles of data protection, the subdomains of which are governed by other laws and ordinances. Nevertheless, the GDPR rules also bring some innovations for e-commerce. In this regard, for more information, you can consult the following two sections.

What does not change?

In addition to the aforementioned regulations for companies, the GDPR ultimately implies few changes for e-commerce. Central themes for website operators such as cookies, user tracking, spam and direct marketing are not explicitly mentioned in this regulation.

But the GDPR has been complemented by another regulation of the European Parliament on the protection of privacy online: ePrivacy. On 23 October 2017, the European Parliament voted on the proposal for a regulation, which aims to amend the directive of the same name, which dates from 2002. The date of entry into force should potentially be the same as that of the GDPR, but since changes may still be made during the legislative process, in particular by the European Commission, the date is likely to be postponed.

Indeed, the project provides a very strict consent requirement for cookies. If the text is definitively adopted in its current state, it would have serious repercussions on the use of cookies, targeting and personalized advertising. We must therefore wait to see how this text will be modified; it is thus unlikely that it will come into force by the end of 2018. Nevertheless, website operators and e-commerce actors must absolutely monitor the evolution of the ePrivacy regulation, also called “privacy and electronic communications”, since it aims to strengthen the protection of the privacy of European citizens at the digital level.

What changes?

What will change for website operators with the EU’s general data protection regulation? Here are the main changes:

1. The obligation to document compliance with the General Data Protection Regulation
2. More complex consents and authorizations
3. The principles of Privacy by Design and Privacy by Default
4. Extension of rights to information and dereferencing (deletion of data)
5. The right to transferability of data
6. Far more extensive information requirements (e.g. for the privacy statement of a website)
7. Prohibition of making consent conditional on the performance of a contract
8. Very high fines

List of measures to comply with the GDPR for businesses

If you want to start applying the new basic EU regulation on data protection, the first thing to know is that the required measures vary from one company to another. However, there are certain measures and precautions that any company must take into account. We list them below:

- Establish compliance documentation for the processing of personal data.
- Define a list of processing activities.
- Establish means of communication for queries and requests from customers and users about data protection.
- Check if you need to appoint a data protection officer.
- Adapt the privacy policy of your website to the new regulations.
- Consult the head of your technical department and the data protection officer to determine if the current data protection measures are sufficient. In some cases, additional measures may be taken or it may be sufficient to better integrate your existing measures into the IT infrastructure.
- Any personal data whose collection violates the prohibition on making consent a condition of a contract must be collected differently, as data provided on a voluntary basis.
- If you have contracted external service providers (outsourcing) to administer and manage the personal data of your company, you need to clarify with them whether the agreements reached correspond to the data protection reform, and whether it is necessary to modify your agreements to be in compliance with the new specifications.
- Check how you obtain the consent of your customers in your online shops and adapt the procedure according to the GDPR.
- Stay tuned to the application of the ePrivacy regulation, and in particular its date of application, because it will regulate how online stores can use cookies and analysis tools.
- If you are unsure, do not hesitate to seek the advice of a professional.

In this respect, the release of storage space within data centers optimizes infrastructure investments. This limits excessive duplication of data while refining the level of security.

Yet not all companies seem ready to implement the GDPR in 2018, according to a study by Veritas called Global Databerg. After surveying more than 2,500 IT decision-makers in 2016 in Europe, the Middle East, Africa, the United States and the Asia-Pacific, it reveals that 54% of them have not yet put in place the necessary measures to comply with the GDPR.

After the application of the regulation, we must find the right balance between respect for personal data and continuity of services.

 
