The General Data Protection Regulation, or GDPR, is European Union legislation put in place to control how companies process consumer data. Approved in April 2016, this law is scheduled to replace the current Data Protection Directive and must be implemented across all the European Union member states.
So what are some key policies in this legislation?
Right of Access
This policy gives individuals the right to obtain a copy of their data, as well as any related information, from companies. It is also referred to as subject access. Once an individual requests their personal data, companies have up to one month to respond. The right of access is meant to help individuals understand whether organisations are processing and using their information the right way.
In a bid to promote trust, GDPR requires you to give people genuine control over the way you use their data. As an organization, you will need to obtain the consent of individuals before processing their data.
Right to Object
GDPR gives individuals the right to restrict companies from processing their personal data. However, this policy only applies in certain circumstances depending on the purpose of processing the data and the initial agreement between the parties involved. For instance, people can stop the use of their information for direct marketing until a valid reason is provided. However, the right to object may be limited in circumstances such as statistical purposes, historical research or in tasks carried out to benefit the interests of the public.
Accountability is one of the greatest changes introduced through the GDPR. This policy states that organisations must be responsible for, and ensure compliance with, all the other policies included in the GDPR law. Every organisation is expected to meet its obligations when it comes to data protection and must be ready to demonstrate compliance with GDPR rules. If you are having challenges with the new rules, you can engage the services of IT support companies such as https://www.amazingsupport.co.uk/our-support-areas/local-it-support-in-stevenage/ which will help you understand the policies and gain compliance.
You must ensure that all personal data is processed securely. To accomplish this, you must consider some physical concepts such as organizational policies and risk analysis, as well as technical measures like securing your data processors and using pseudonyms and encryption. You also need to ensure that your organization has appropriate tools to measure the effectiveness of its processes and undertake the necessary improvements.
Generally, GDPR gives individuals the rights to be informed and to access, rectify, erase, and restrict processing of personal data. The legislation also emphasises the rights to data portability, objection and involvement in automated decision making. Any organisation that breaches the GDPR laws may be fined up to 4 percent of its annual turnover.