Imagine how much data about us is processed every single day: telephone numbers, names, surnames, photos, videos, GPS data, and so on.
On May 25, 2018, the General Data Protection Regulation (GDPR) will enter into force. The Regulation builds on foundations laid over the past 20 years, but it will be modernized and unified across all EU member states (it will also apply in countries outside the EU that cooperate with it). The aim of the GDPR is to increase control over data and its security.
So, what do we need to do to be safe?
- Make sure that your data is private, adequate and precise. You need to guard all of your data closely.
- Cooperate with one supervisory authority to be safer. Dealing with more than one could cause confusion.
- Set up an individual IP address and Social Security number.
- Pay attention to reviewing the third parties who have access to the data you keep. Consider whether the people who hold any information really need it. Sometimes employees can see the salaries of others, which is clearly unnecessary.
- Review and trust your regular partners, and draw conclusions.
- Track your data. It is better if you do it yourself, because it will be interesting and afterwards you will have a complete understanding of what was done with specific data. Bear in mind that you will need to make changes regularly; it isn’t a one-time job.
- It is essential to discuss the changes with your employees and make sure that they understand what will happen.
- Cloud service organizations need to be more careful, because they hold a lot of important data.
- Of course, we need to start now, because all of this takes a long time. All companies will need to show compliance by May 2018.
What about the changes?
- We will have the right to be forgotten. You will be able to demand which data needs to be erased and to object to specific data processing.
- The GDPR will bring bigger fines. They will reach 2-4% of global annual turnover or 20 million EUR. The size of the penalty will depend on the breach.
- Companies will need to report identified risks within 72 hours of first becoming aware of them: for example, what the risks are, how it happened, and what to do promptly. Otherwise there will be penalties.
- We will be free to choose which information we want to see. That is why we need to be ready for more "cookies". The information we agree to will be presented in plain language. We will be able to access our data, too.
- Children will not be able to register on social networks independently or to consent to data processing. They will need parental consent.
- Competition in the digital age will be fairer because of the high and uniform level of data protection across the whole EU (28 countries).
- Companies that work with data will need to practice data minimization, including only necessary information. For example, there may not be information about a person’s character or voice timbre.
Inherently, we don’t need to fear the GDPR. We just need to take security measures now, in good time, value and trust existing partners, regularly keep track of the changes and erase unimportant information from our databases.