What Is The Big Shift In Business Industry In Terms Of GDPR?
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
Indeed, the obligations resulting from the GDPR bring about a profound change in the way personal data is managed and protected. This applies to all companies that host or register data from European residents or organizations within the EU.
Cyber Attacks: Risks for People and Societies
With the daily use of social networks, online administrative platforms, Internet banking and the emergence of connected objects, our data is everywhere on the Web. Personal data are defined by Article 4 of the GDPR: By this broad definition, the GDPR touches a large number of public and corporate infrastructures. The goal is clear: to protect individuals from cybercrime. Indeed, computer attackers are fond of online services, which are often exposed to security vulnerabilities. Using various methods, malicious hackers retrieve lists of bank details, service account identifiers, and even information subject to professional secrecy.
For companies, one major reason pushes them to adopt the GDPR regulation: heavy penalties. Jean-Christophe Lecosse, director general of CNRFID, declared to objetconnecte.com: “It should be noted that companies implementing solutions that do not comply with these regulations may be penalized by 4% of their worldwide turnover. This is an extreme novelty and the sanction is particularly strong for large groups. This is one of the issues we are very attentive to […]”. While the CNRFID is the organization promoting contactless technologies, it is nonetheless one of the actors in this change: “We are the administrators of the web platform in Europe where solution manufacturers can register the features of their products to protect privacy.”
Two notions emerge from the Director General's words, both often found in law: sanctions and control. Both are reinforced by the GDPR. Control will be exercised by the countries, the EU and the companies themselves. For these private organizations, non-compliance with the GDPR may lead to a financial penalty equivalent to 4% of their worldwide turnover or 20 million euros.
Important points of the GDPR regulations
The GDPR is of real interest to the citizens of the 28 member countries of the EU.
It strengthens information on the use of data, standardises data protection regulations and introduces the right to be forgotten at European level. In addition, Internet users and users of services involving personal data may request the portability of their personal data from one service to another. For their part, companies with more than 250 employees whose core business is to process personal data on a large scale are obliged to appoint a Data Protection Officer and representatives. These managers will be responsible for monitoring compliance with the GDPR and advising the Chief Protection Officer on possible applications. They are also the “interface” between the company and the regulatory body. In this context, they must ensure the default security of personal data, whether it comes from customers or from employees. This notion of “Privacy by Design” then becomes essential and requires a reorganization of the data record.
Managers will need to ensure that data is secure, whether hosted on their IT system or in the cloud. In case of loss, theft, corruption or modification, companies have 72 hours to notify the authority of their country. If the problem affects a particular individual, that person too will receive a notification within the allotted 3 days. Before these notifications, the data flows and the different processing operations must be recorded. The competent authorities for the GDPR must be able to consult the various operations in an up-to-date register that follows the rules defined in the text.
What changes?
What will change for website operators with the EU’s general data protection regulation? Here are the main changes:
1. The obligation to document compliance with the General Data Protection Regulation
2. More complex consents and authorizations
3. The principles of Privacy by Design and Privacy by Default
4. Extension of rights to information and dereferencing (deletion of data)
5. The right to transferability of data
6. Far more extensive information requirements (e.g. for the privacy statement of a website)
7. Prohibition of making consent conditional on the performance of a contract
8. Very high fines
In this respect, freeing up storage space within data centers optimizes infrastructure investments. It limits excessive duplication of data while refining the level of security.
Yet not all companies seem ready to implement the GDPR in 2018, according to a study by Veritas called Global Databerg. After surveying more than 2,500 IT decision-makers in 2016 in Europe, the Middle East, Africa, the United States and Asia-Pacific, it reveals that 54% of them have not yet put in place the necessary measures to comply with the GDPR.
After the application of the regulation, we must find the right balance between respect for personal data and continuity of services.