GDPR stands for the General Data Protection Regulation.
As an EU regulation it applies directly in every EU and EEA member state, supplemented by each state's own national data protection law. It applies to any company that sells to, or stores personal information about, individuals in Europe, including companies based on other continents.
What the GDPR means is that individuals in the EU and EEA now have greater control over their personal data and assurance that their information is protected consistently across Europe.
Under the GDPR, personal data is any information relating to an identified or identifiable natural person, such as a name, a photo, an email address, bank details, posts on social networking websites, location details, medical information, or a computer's IP address.
There is no distinction between personal data about individuals in their private, public or work roles: the person is the person. This holds in a B2B setting too, where everything is about individuals interacting and sharing information with and about each other. Customers in a B2B market are companies, but the relationships through which business is done are between people, i.e. individuals.
The 8 basic rights under the GDPR
Under the GDPR, individuals have:
1. The right to access – individuals have the right to request access to their personal data and to ask how it is used by the company after it has been gathered. The company must provide a copy of the personal data free of charge and, if the request was made electronically, in a commonly used electronic format.
2. The right to be forgotten (right to erasure) – if individuals are no longer customers, or if they withdraw the consent on which the company's use of their personal data relied, they have the right to have their data deleted, subject to limited exceptions such as a legal obligation to retain it.
3. The right to data portability – individuals have the right to obtain their data and transfer it from one service provider to another, and it must be provided in a structured, commonly used and machine-readable format.
4. The right to be informed – this covers any gathering of personal data by companies: individuals must be told, at the time their data is collected, who is collecting it, why, and on what legal basis. Where the processing relies on consent, individuals must actively opt in, and that consent must be freely given rather than implied.
5. The right to have information corrected (rectification) – this ensures that individuals can have their data updated if it is out of date, incomplete or incorrect.
6. The right to restrict processing – individuals can request that their data is not used for processing. Their record can remain in place, but it must not be used.
7. The right to object – this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule: processing for direct marketing must stop as soon as the request is received. In addition, this right must be explicitly brought to the individual's attention no later than the first communication with them.
8. The right to be notified – if there has been a data breach that is likely to result in a high risk to an individual's rights and freedoms, the individual has the right to be informed without undue delay. Separately, the company must report the breach to its supervisory authority within 72 hours of first becoming aware of it, unless the breach is unlikely to result in a risk to individuals.
The GDPR is the EU's way of giving individuals, prospects, customers, contractors and employees more power over their data, and of taking power away from the organizations that collect and use such data for monetary gain.
The business implications of GDPR
This data protection regulation puts the individual in the driver's seat, and the task of complying with it falls on businesses and organizations.
What falls under GDPR compliance?
The GDPR applies to all businesses and organizations established in the EU, regardless of whether the data processing takes place in the EU or not. Organizations established outside the EU are also subject to the GDPR if they offer goods and/or services to individuals in the EU, or monitor their behaviour there, regardless of those individuals' citizenship.
Every organization that works with personal data must be able to demonstrate GDPR compliance. A data protection officer (DPO), who oversees compliance, must be appointed by public authorities and by organizations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data; other organizations may appoint one voluntarily. (The "data controller" is not an appointed officer but the organization that decides why and how personal data is processed.)
There are tough penalties for companies and organizations that don't comply with the GDPR: fines of up to 4% of annual worldwide turnover or 20 million euros, whichever is greater.
Many people might think that the GDPR is just an IT issue, but that is far from the truth. It has broad, sweeping implications for the whole company, including the way it handles marketing and sales activities.
The impact of GDPR on customer engagement
The conditions for obtaining consent are stricter under the GDPR: the individual must be able to withdraw consent at any time, as easily as it was given, and consent is presumed not to be valid unless separate consents are obtained for different processing activities.
This means you have to be able to prove that the individual agreed to a specific action, such as receiving a newsletter. Consent cannot be assumed, buried in a disclaimer or obtained through pre-ticked boxes, and merely providing an opt-out option is not enough.
The GDPR has changed a lot of things for companies, such as the way sales teams prospect and the way marketing activities are managed. Companies have had to review business processes, applications and forms to comply with its consent requirements and with email marketing best practices such as double opt-in (a widely adopted practice, though not one the GDPR itself mandates).
GDPR Fines & Penalties
Administrative fines
The GDPR imposes stiff fines on data controllers and processors for non-compliance.
Determination
Fines are imposed by the supervisory authority of each member state (Article 83(1)). The following criteria, drawn from Article 83(2), are used to determine the amount of the fine for a non-compliant firm:
· Nature of infringement: number of people affected, damage they suffered, duration of the infringement, and purpose of the processing
· Intention: whether the infringement was intentional or negligent
· Mitigation: actions taken to mitigate the damage to data subjects
· Preventative measures: how much technical and organizational preparation the firm had previously implemented to prevent non-compliance
· History: (83(2)(e)) past relevant infringements, which may be interpreted to include infringements under the earlier Data Protection Directive and not just the GDPR, and (83(2)(i)) past administrative corrective actions under the GDPR, from warnings to bans on processing and fines
· Cooperation: how cooperative the firm has been with the supervisory authority in remedying the infringement
· Data type: what types of data the infringement affects; see special categories of personal data
· Notification: whether the infringement was proactively reported to the supervisory authority by the firm itself, or instead became known through a third party
· Certification: whether the firm had qualified under approved certifications or adhered to approved codes of conduct
· Other: other aggravating or mitigating factors, which may include the financial benefit gained or loss avoided through the infringement
Amount
If a firm infringes multiple provisions of the GDPR in the same or linked processing operations, the total fine shall not exceed the amount specified for the gravest infringement, rather than the firm being separately penalized for each provision (Article 83(3)).
However, that may not offer much relief considering the size of the fines possible:
Lower level
Up to €10 million, or 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher, for infringements of:
· the obligations of controllers and processors under Articles 8, 11, 25-39, 42 and 43
· the obligations of a certification body under Articles 42 and 43
· the obligations of a monitoring body under Article 41(4)
Upper level
Up to €20 million, or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher, for infringements of:
· the basic principles for processing, including the conditions for consent, under Articles 5, 6, 7 and 9
· the data subjects' rights under Articles 12-22
· the rules on transfer of personal data to a recipient in a third country or an international organisation under Articles 44-49
· any obligations pursuant to Member State law adopted under Chapter IX
· any non-compliance with an order by a supervisory authority (Article 83(6))
Best regards,
Web Admin
LATVIK SECURE
LATVIK TECHNOLOGIES ™