In 2016, the European Union passed the General Data Protection Regulation ("GDPR") to replace an outdated data protection directive that had been in effect for over 20 years. The GDPR is a set of new policies designed to give residents of EU member countries more control over their personal data, privacy and consent. The policies were designed to reflect the world we live in now: they come with laws and obligations that take account of today's high internet usage.
Under the GDPR rules, organisations will be required to ensure that personal data is gathered through legal means and protected from misuse and exploitation. They will also be required to respect the rights of data owners or risk facing harsh penalties.
Organisations established in the European Union and those that process personal data of EU-based residents are required to implement measures to comply with the GDPR by 25 May 2018.
Your business must take the following steps before the GDPR comes into effect:
Assess compliance
If your organisation needs consent from users to legitimise relevant data processing activities, you will be required to use simple and clear language. Pre-ticked boxes are no longer considered a valid form of consent.
Be ready to deliver personal data to individuals
Users can now request their personal data in their desired format. They can also ask the organisation to transfer their information to a partner or similar company.
Examine data breach notification measures
The GDPR outlines the steps to be taken after a data breach. Organisations will be required to issue a notification no later than 72 hours after the breach.
Obtain parental consent for children
Parental consent is required for all information services provided to children under the age of 16. The GDPR allows member countries to amend the required age to 13 should they choose to do so.
The GDPR has been critiqued as a step in the right direction in a world that increasingly conducts business online.
Did You Know?
PayrollServe is compliant with SSAE18, ISAE3402 & SSAE 3000 (ABS OSPAR-certified).