#GDPR: finally, the day has come
The General Data Protection Regulation will come into effect on the 25th of May. By that date, all organizations in Europe or managing data of European citizens have to be ready for the change.
We have been talking about it for more than a year (see here our first article, with all the Regulation details), reminding readers that by the 25th of May all organizations based in Europe and/or managing data of European citizens (in particular, any data that allows a person to be uniquely identified) should be ready for the General Data Protection Regulation.
If you and your team are still asking yourselves what GDPR is and whether your data management has to change, keep reading: we will try to clear up any remaining doubts.
The General Data Protection Regulation (GDPR) replaces the old Data Protection Act, introduced in Europe in 1998, moving the ownership of personal data from the company to the person. This gives individuals greater rights over their personal data, letting them decide whether and how it may be used.
But what do organizations have to do in order to comply with the new regulation?
In summary, the GDPR text does not state specifically how to store data, but says that organizations should:
- Protect that data by taking all necessary actions;
- Find, retrieve and, if necessary, delete it in the shortest time possible;
- Provide it if requested by the owner.
The last two points relate to Data Portability, introduced for the first time by the regulation.
Another new aspect concerns some roles that have to be defined: the Data Protection Officer, who helps, monitors and guides compliance with the regulation, and the Lead Supervisory Authority, needed if data has to be moved between countries.
Finally, if any breach affecting personal data occurs, it has to be reported within 72 hours from the moment the breach is discovered.
Features such as tamper-proof access, which records who accesses data and when, and file encryption are now more important than ever in order to avoid penalties ranging from €10 million or 2% of the company's global turnover, if the fault is not intentional, to €20 million or 4% of global turnover in other cases.
Mida Solutions' offering already provides these features, bringing the protection of data collected through fax or recording systems, for example, to the highest standards. Discover more, download the eFramework App Suite for free or contact us for more details!