At Dataton, your privacy is important. That’s why we’re already preparing for the European Union’s General Data Protection Regulation (GDPR). This new legislation is designed to unify and strengthen data privacy laws for all individuals across Europe and will come into effect on May 25, 2018. Read on and see how we’re getting ready for the GDPR, plus how the new rules may affect you.
How is Dataton preparing for the GDPR?
Dataton began work on GDPR compliance back in May 2017, a full year before the regulation comes into effect. Owing to the complexity and extent of the regulation – and because we value your right to privacy – we wanted to start early! This is what we are doing:
- Appointing a Data Protection Officer
- Researching which areas of our business are impacted by GDPR
- Rewriting old, and creating new, Data Protection Agreements where necessary
- Revising internal processes and procedures to achieve compliance with GDPR
We are well underway on all these tasks, and are fully committed to being compliant prior to the effective date for the legislation.
As you can see, we are taking the GDPR seriously. We operate in a global market and use a number of services and products where user information is stored, and we strive to verify that these companies and services also follow the GDPR.
What’s new in the 2018 GDPR?
The GDPR is the biggest and most comprehensive change in data privacy regulation since the introduction of the 1995 directive. The aim of the GDPR is to protect all EU citizens from privacy and data breaches in a world that has changed dramatically since 1995. Key principles from the 1995 directive are still valid, but the new regulation makes many changes. The information below is based on the official EU GDPR article on key changes.
- Strengthened rights for individuals. GDPR provides a set of expanded rights for individuals, by providing the right to be forgotten, changing conditions for consent, breach notifications as well as rights to information access and data portability (transfer).
- Increased territorial scope. The biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR. Regardless of their location, companies processing the personal data of European individuals are affected.
- Fines. Organizations in breach of the GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater).
- Conditions for consent. These have been strengthened, and it is not possible to hide behind incomprehensible legalese and endless terms. The request for consent must be given in an intelligible and easily accessible form, clearly specifying the purpose for data processing attached to the consent.
- Breach notification. Breach notification will become mandatory whenever a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach.
- Right to access. Individuals can obtain information on how personal data concerning them is being processed, where and for what purpose. The controller is obliged to provide a copy of the personal data, free of charge, in an electronic format.
- Right to be forgotten. Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
- Data portability. Data portability gives a person the right to receive the personal data concerning them in a 'commonly used and machine-readable format', and the right to transmit that data to another controller.
- Privacy by design. Privacy by design calls for data protection to be included from the outset of system design, rather than as an addition.
To learn more about how Dataton is implementing the GDPR, please contact us on: firstname.lastname@example.org