New EU General Data Protection Regulation
GDPR - Why Companies have to act now
Personal data is one of the most important currencies for companies today – at the same time valuable and worth of protection. To work with this sensitive information, strict rules apply, such as the new EU General Data Protection Regulation (GDPR), which officially enters into force on 25 May 2018.
The focus is on the protection of citizens when processing personal data and ensuring the free movement of data within the EU. So far so good – the new regulations offer many benefits in terms of data protection. However, companies are facing big challenges!
Regulatory compliance must be ensured by May 2018. With GDPR, the wheel is not being reinvented. But new rules are being added and existing ones become more detailed. What that means for your business, how you can prepare for it in time and why you do not have to be afraid – ask us and our Experts!
Advellence supports you very much on the way to GDPR-compliant data management and data processing. Learn more about our customized solutions for your business.
The Key Points of the Regulation
1. The Right to access Data
This means data owners have the right to request access to their personal data and to ask how their data will be used by a company. Upon request, the company must provide a copy of the personal data – free of charge and in electronic form.
2. The Right to be forgotten
If data owner are no longer customers or if they cancel their consent to use their personal data at a company, then they have the right that their data is be deleted.
3. The Right of Data Portability
Data owners have the right to transfer their data from one service provider to another. And the data transfer has to happen in a common and machine-readable format.
4. The Right to be informed
Data owners must be informed before data is collected. These must agree that their data will be collected and the consent must be given explicit and not just hinted at.
5. The Right to correct Data
This ensures that data owners can have their data updated if they are outdated, incomplete or incorrect.
6. The Right to restrict Data Processing
Data owners may request that their data not be processed. Their data can stay in place as it is, but are not allowed be used further.
7. The Right to contradict
This includes the right of data owners to stop processing their data for direct marketing. There are no exceptions to this right and any processing must stop as soon as the contradiction is received. In addition, this right must be communicated to every individual at the beginning of each communication.
8. The Right to get Notification in Case of a Data Breach
In the case of a data breach that affects the personal data of a data owner, the data subject has the right to be informed within 72 hours after becoming aware of the data breach.