GDPR is a policy that originated from the European Data Protection Act, an extension to the EU’s 1995 Data Protection Initiative, including all the member state law with the UK’s 1998 Data Protection Act in its entirety. The provisions are exclusive and compulsory to all operations that collect data and must comply to date rights of persons, under new laws that apply to all the companies that use, manage, or interpret personal data. GDPR is a policy that originated from the European Data Protection Act, an extension to the EU’s 1995 Data Protection Initiative, including all the member state law with the UK’s 1998 Data Protection Act in its entirety. The provisions are exclusive and compulsory to all operations that collect data and must comply to date rights of persons, under new laws that apply to all the companies that use, manage, or interpret personal data.
It also includes a “wider similar regime” — or “the applied GDPR” — to those processing functions that are outside the scope of GDPR, that also consists of the analysis for law enforcement data and date operations by public authorities.
You must make sure that your organisation remains compliant to the GDPR provisions as failure may lead to heavy penalties and imposition of fines.
All EU organisation must comply with the GDPR if they record, store, and process the personal information of individuals.
Some of the Changes and Provisions of the Regulation
Compliance and Monitoring
You should be in complete compliance with the GDPR. The observances include:
- Have a governance system in place with a defined role and responsibilities.
- Keep a record of all the data that goes in processing.
- Keep documentation for all policies and procedures.
- Ensuring to implement data protection impact assessments for that processing that are high-risk.
- Take security measure to protect personal information.
- Conduct staff training sessions.
- Appoint a data protection officer.
- Go through the complete GDPR compliance checklist
The six data processing provisions
The DPA 1998’s had eight data protection principles, while the new GDPR provisions have six data processing principles for the data controllers to be fully compliant within all data collection and processing operations.
Except for defined categories of personal data, which are not taken in processing unless there are certain conditions, the particular data can only go for processing.
Privacy privileges of individuals
Individuals’ rights are protected and extended in many important areas. Data subjects have:
- The right to be informed
- The right to access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to the processing
- The rights to object on automated decision making and profiling
The GDPR introduces strict policies and direct rules for obtaining agreement in case of third party data processor:
- The Processor must have adequate information security in place.
- The Processor must not use sub Processors without the consent of the Controller.
- The Processor must report data breaches to the Controller without delay.
- The Processor must comply with EU trans-border data transfer rules ;
- The Processor must help the Controller to comply with data subjects rights
- Data protection by design and by default
Data controllers and processors must take technical and organisational measures to implement the data processing rules effectively.
Transparency of Data
Organisations should have a clear and transparent agenda when using personal data such as who is going to use the data and why.
Data transfers outside the EU
The transfer of data outside the EU will be within the compliance of EU GDPR and must comply with all regulations.
- Breach of Data
Any breach of personal data that includes, loss, alteration and unauthorized access to information will be considered a particular personal data breach.
DPO (data protection officer)
Appointment of a DPO is mandatory for all organisations working under the ambit of GDPR.
Understanding Personal Data
Any data that is exclusive to a person or entity comes under personal data and must be in full protection as per the General Data Protection Regulation directives. Personal data includes names, address, photo identification, IP address, profiling, and online information, and all personal data details.