Big Day for Your Data – What Did GDPR Change from 25 May 2018?
As of 25/05/2018, the new European data protection rules (GDPR) require companies and governments to use your data more carefully. Otherwise, they are exposed to the risk of huge penalties.
After a start-up period, companies operating in the European Union must henceforth be in line with the new data protection rules. Thanks to the rise of online services, such as social media and e-commerce, more and more companies have access to your data. GDPR is meant to make sure that they take your privacy seriously this time.
The GDPR compliance report from Crowd Research Partners and Cybersecurity Insiders, produced in partnership with the 400,000+ member Information Security Community on LinkedIn, revealed that GDPR is a priority for the vast majority of respondents (80%); for a third of respondents (34%) it is one of the top three priorities. 20% say GDPR isn’t a priority, but that won’t relieve them from having to comply with the law.
What is it about?
As already explained in detail in our previous blog posts, the idea behind the General Data Protection Regulation (GDPR) is that you retain control over who uses your data and for what purposes. Companies that want to send you a newsletter or promotional e-mail must have your explicit permission. The request for permission must also be specific, clear and not ambiguous.
But the requirement to ask for your permission does not always apply. Sometimes a company needs your data to be able to deliver a product or service. If you want a parcel to be delivered through a webshop, it needs your address. You are then in a contractual relationship. Governments can also process data without permission as they have legal obligations to fulfill.
What can you expect?
You’ve probably received a flood of e-mails during the last few days and weeks. These are meant to ask for your permission to keep contacting you. But companies, if properly prepared, also present new privacy tools in the same e-mail. This is mostly a dashboard where you as a customer can change your privacy preferences at any time.
After all, having once given your permission to process your data does not mean that it has to stay that way. The new rules stipulate that you can view, modify or remove your data at any time. At least: you can submit a request for it. Companies still have a lot of work to do on that.
The new rules must also allow you as a customer to ‘take’ data with you. If you changed telecom operator in the past, you had little say over what your old provider did with your data. Now you have the right to have the data removed and to take your data with you ‘in a readable format’. That can feed competition.
What if you did not respond to any e-mails?
We all saw e-mails coming in from companies asking whether they could still contact you. A company that does not have your explicit permission and still contacts you from today onwards is, in theory, acting illegally.
What are the concerns for companies?
The first question that every company must ask itself is whether it processes personal data. The caveat is that there are few companies that do not collect or process data. Personal data is not limited to the data of customers; it also includes that of employees.
For that reason, personal data is often distributed throughout the entire company, from customer service to HR. A good first step is setting up a data register, which maps out which department processes which type of data. The company can then make a privacy statement, which lists which data are kept and for which reason. A number of specific companies that collect sensitive data on a large scale must also appoint a data protection officer from now on.
Are companies ready?
It won’t sound so shocking if I say that most companies aren’t ready. The GDPR compliance report from Crowd Research Partners and Cybersecurity Insiders, produced in partnership with the 400,000+ member Information Security Community on LinkedIn, revealed that 60% of organizations are at risk of missing the GDPR deadline. Only 7% of surveyed organizations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to meeting the compliance deadline.
What are the challenges in GDPR adoption?
The above-mentioned study shows that the biggest challenge in GDPR adoption is a lack of expert staff (43%), followed by a lack of budget (40%) and a limited understanding of GDPR regulations (31%). A majority of 56% expect their organization’s data governance budget to increase to deal with GDPR challenges.
Who checks and what are the fines?
The majority of the GDPR regulation is a repetition of previously existing principles. The big difference is that European companies that are too lax with your data can now be hit in their wallets, with fines of up to 20 million euros or 4% of annual turnover.