Monday, 28 January 2019

What is GDPR and How Does It Impact Your Business?


GDPR stands for the General Data Protection Regulation.
This regulation has been implemented in all local privacy laws across the entire EU and EEA region. It will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents.
What GDPR means is that citizens of the EU and EEA now have greater control over their personal data and assurances that their information is being securely protected across Europe.
According to the GDPR directive, personal data is any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.



There is no distinction between personal data about individuals in their private, public or work roles – the person is the person. Even in a B2B setting, everything is about individuals interacting and sharing information with and about each other. Customers in the B2B market are obviously companies, but the relationships that handle the business topics are between people, that is, individuals.


The 8 basic rights of GDPR
Under the GDPR, individuals have:
1. The right to access – this means that individuals have the right to request access to their personal data and to ask how their data is used by the company after it has been gathered. The company must provide a copy of the personal data, free of charge and in electronic format if requested.
2. The right to be forgotten – if consumers are no longer customers, or if they withdraw their consent from a company to use their personal data, then they have the right to have their data deleted.
3. The right to data portability – individuals have a right to transfer their data from one service provider to another, and it must happen in a commonly used and machine-readable format.
4. The right to be informed – this covers any gathering of data by companies, and individuals must be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.
5. The right to have information corrected – this ensures that individuals can have their data updated if it is out of date, incomplete or incorrect.
6. The right to restrict processing – individuals can request that their data is not used for processing. Their record can remain in place, but not be used.
7. The right to object – this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.
8. The right to be notified – if there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of first having become aware of the breach.


The GDPR is the EU’s way of giving individuals, prospects, customers, contractors and employees more power over their data and less power to the organizations that collect and use such data for monetary gain.

The business implications of GDPR

This new data protection regulation puts the consumer in the driver’s seat, and the task of complying with this regulation falls upon businesses and organizations. Otherwise, you’re failing to comply.

What falls under GDPR compliance?
GDPR applies to all businesses and organizations established in the EU, regardless of whether the data processing takes place in the EU or not. Even non-EU established organizations will be subject to GDPR. If your business offers goods and/or services to citizens in the EU, then it’s subject to GDPR.
All organizations and companies that work with personal data should appoint a data protection officer or data controller who is in charge of GDPR compliance.
There are tough penalties for companies and organizations that don’t comply with GDPR: fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater.

Many people might think that the GDPR is just an IT issue, but that is far from the truth. It has broad-sweeping implications for the whole company, including the way companies handle marketing and sales activities.

The impact of GDPR on customer engagement
The conditions for obtaining consent are stricter under GDPR requirements as the individual must have the right to withdraw consent at any time and there is a presumption that consent will not be valid unless separate consents are obtained for different processing activities.
This means you have to be able to prove that the individual agreed to a certain action, such as receiving a newsletter. You may not assume consent or rely on a disclaimer, and providing an opt-out option is not enough.
GDPR has changed a lot of things for companies, such as the way sales teams prospect or the way that marketing activities are managed. Companies have had to review business processes, applications and forms to be compliant with double opt-in rules and email marketing best practices.

****************************************************************************************

GDPR Fines & Penalties

Administrative fines
The GDPR imposes stiff fines on data controllers and processors for non-compliance.
Determination
Fines are administered by individual member state supervisory authorities (83.1). The following 10 criteria are to be used to determine the amount of the fine on a non-compliant firm:
· Nature of infringement: number of people affected, damage they suffered, duration of infringement, and purpose of processing
· Intention: whether the infringement is intentional or negligent
· Mitigation: actions taken to mitigate damage to data subjects
· Preventative measures: how much technical and organizational preparation the firm had previously implemented to prevent non-compliance
· History: (83.2e) past relevant infringements, which may be interpreted to include infringements under the Data Protection Directive and not just the GDPR, and (83.2i) past administrative corrective actions under the GDPR, from warnings to bans on processing and fines
· Cooperation: how cooperative the firm has been with the supervisory authority to remedy the infringement
· Data type: what types of data the infringement impacts; see special categories of personal data
· Notification: whether the infringement was proactively reported to the supervisory authority by the firm itself or a third party
· Certification: whether the firm had qualified under approved certifications or adhered to approved codes of conduct
· Other: other aggravating or mitigating factors may include financial impact on the firm from the infringement
Amount
If a firm infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement, as opposed to being separately penalized for each provision. (83.3)
However, the above may not offer much relief considering the amount of fines possible:
Lower level
Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:
· Controllers and processors under Articles 8, 11, 25-39, 42, 43
· Certification body under Articles 42, 43
· Monitoring body under Article 41(4)
Upper level
Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:
· The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9
· The data subjects’ rights under Articles 12-22
· The transfer of personal data to a recipient in a third country or an international organisation under Articles 44-49
· Any obligations pursuant to Member State law adopted under Chapter IX
· Any non-compliance with an order by a supervisory authority (83.6)






Best Regards,


Web Admin
LATVIK SECURE
LATVIK TECHNOLOGIES ™

Data Privacy Day – Mark Zuckerberg Launches Business Hub for Privacy, Data Use Management

Celebrating Data Privacy Day on Monday, Facebook has launched a new "Privacy and Data Use Business Hub" to help businesses understand ways in which they could protect user information while using the platform.

The hub contains information on topics including advertisements, privacy principles and guidelines to help companies understand rules like the General Data Protection Regulation (GDPR), which is a European Union (EU) regulation on data protection and privacy.


"We're continuing to work throughout the year to improve the privacy controls we offer on Facebook and better communicate about how we protect people's information," Erin Egan, Chief Privacy Officer, Facebook, wrote in a blog post on Sunday.

Amidst all the data-breach scandals surrounding Facebook, the social-networking giant is not only working on its privacy settings but also taking steps to provide people with more transparency and control.

"In the coming months we will launch 'Clear History', a new control to let you see the information we get about your activity on other apps and websites, and disconnect that information from your account," Egan added. 

As part of the Data Privacy Day celebrations, for two weeks, Facebook will show people a reminder in the News Feed, inviting them to take a privacy checkup. 





Saturday, 5 January 2019

Hackers Leak Personal Data from Hundreds of German Politicians On Twitter


Germany has been hit with the biggest hack in its history.

   
A group of unknown hackers has leaked highly-sensitive personal data from more than 100 German politicians, including German Chancellor Angela Merkel, Brandenburg’s prime minister Dietmar Woidke, along with some German artists, journalists, and YouTube celebrities.

   
The leaked data, which was published on a Twitter account (@_0rbit) and dates back to before October 2018, includes phone numbers, email addresses, private chats, bills, credit card information and photos of victims' IDs.


Although it is as yet unclear who perpetrated this mass hack and how they managed to perform it, the leaked data appears to have been collected without authorization by hacking into the victims' smartphones.


The hack targeted all of Germany's political parties currently represented in the federal parliament, including the CDU, CSU, SPD, FDP, Left party (Die Linke) and Greens, except for the far-right Alternative for Germany (AfD).
 


While Justice Minister Katarina Barley called this mass hack a "serious attack," local media report that none of the leaked data could be considered politically explosive.
 


Germany's federal office for information security (BSI), which is investigating the attack, said that government networks were not affected by the incident and that the identity of the hackers and their motive were not yet known.


The victims include Chancellor Angela Merkel, President Frank-Walter Steinmeier, Foreign Minister Heiko Maas, as well as Robert Habeck, leader of the Green party, who was particularly badly affected by the attack, with hackers leaking his digital communications with his family.


Besides German politicians, the intrusive attacks also affected well-known actor Til Schweiger, two renowned German comedians, Jan Boehmermann and Christian Ehring, as well as dozens of journalists from ZDF and ARD – publicly funded German media outlets.



