For sure, you don’t want something that is precious for you to be online without having the ultimate control of it, right? Especially when we talk about our precious -personal data- whose lack of protection can be dangerous in some cases.
Every day more than 250 million people use the Internet in Europe. Most people share our personal data with businesses, organizations, agencies, and individuals through our social networks or online transactions.
The protection of personal data is a fundamental right for all EU citizens. That is why a new legal framework will be applied on May 25, giving you control over the information you share online to improve the security of your data. 😉
The “General Data Protection Regulation“ – from now on: GDPR – will essentially bring changes in the way businesses collect, handle and process personal data. It replaces the EU’s 1995 Data Protection Directive by harmonizing privacy laws across the EU. The purpose of the new regulation is to protect European’s personal data under the same laws.
Before we see the changes that will come, let’s remember few basic things:
What are “personal data” and “processing”?
Personal Data: Any information identifies a natural person such as name & occupation, marital status, age, residence, email address, bank account details, but also IP address.
Sensitive personal data: data on racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of trade unions and information on medical history, erotic life and criminal prosecutions or convictions.
Some of these are collected and used only under specific circumstances, for example with your own consent or when the national law permits it.
“Processing” data is considered to be an act performed with or without the use of automated means in personal data. Some examples include collecting, organizing, storing, adapting, using, spreading and deleting them.
Your new rights
Personal data is characterized as a resource, more important than oil. It makes sense if we consider the “power” that companies and organizations acquire through their data collection. But how many of us do we know our rights in the information we share? Let’s look at some of the basic rights we have as European citizens under the GDPR.
The right of access: the right to know whether your data are being processed and if so, access it with loads of additional stipulations. You can request a free e -copy form of your stored data by a particular company.
The right to “be forgotten”: You can withdraw the consent you have given for the use of your personal data by an organization or company as you can even ask for their deletion.
The right to data portability: You can transfer your data whenever you want it from one service provider to another.
The right to be informed: Transparency and choice are two cornerstones of the GDPR regulation. At the outset of any request for data, businesses must be as clear as possible on how they will process data, who will process them, and where it could end up.
Right to rectification: When your personal data are inaccurate, then controllers need to correct them indeed.
The right to restriction of processing: Simply said, your right to limit the processing of your personal data with several rules and exceptions of course.
Right to object: You can immediately stop processing your data for marketing purposes. Once you send the request, any processing should be stopped immediately.
Notification right: In the event of a breach of data that compromises your personal data, you should receive relevant information within 72 hours of the first time that the violation was identified.
Do you own a business? Then it concerns you!
How does GDPR affect your business?
The new regulation applies to all businesses (private and public) who store or manage the personal data of employees, associates, customers or other natural persons. Regardless where your company’s headquarters are if your products or services are directed to customers within the EU, you are legally required to adopt the new regulation to avoid fines or other legal penalties.
Depending on the data you collect and the size of your business, you need to make improvements so that the processes that follow the GDPR delimitations are compatible. You would advise a lawyer to get detailed information on the steps you should take to be ready on March 25th!
What should your company do?
Protect the rights of individuals who give you their data.
There is no specific technical direction in the GDPR – a magical recipe – to prepare yourself. Each organization is free to decide the policies, practices, and tools that it will adapt to comply with the requirements of the regulation.
Basic obligations of your business
|You must acknowledge the responsibility of maintaining and processing personal data. Create files with the data you collect – understand which personal data are stored, where they came from, with whom you share them and if they are still relevant and necessary for the purposes you initially decide to store them.
|Make sure your business can meet the requests for personal data. According to the GDPR, every EU citizen has the right to request their data to be deleted, transferred and modified. The technological means and procedures you follow should allow completion of such requests within a month.|
|Created a basis for the processing of personal data harmonized in GDPR. For personal data collections, you must first obtain the person’s consent, and you must clearly define the period of the time that you will use them and the exact purpose of storing them. Consent can be withdrawn anytime, so it’s wise to examine another legal basis you can use for data processing.|
|Prepare your business for possible data breaches – please be assured that the procedures your company is following will allow you to update the data protection authority within 72 hours of your recognition.|
|Make sure to sign legal agreements when transmitting data to countries that have not been approved by the EU authorities.|
|Set up a Data Protection Officer. Check if your business needs a data protection officer. This depends on the type and number of the data your company collects.|
Why do the rules change?
It is necessary to protect and preserve our personal data as their safety is directly linked to other fundamental human rights. The lack of confidence in the old rules and the need for a uniform regulation for all EU countries led to the GDPR.
You may now find complicated the changes you have to adapt so you cant be compatible with the new regulation, but you will soon realize that it is essential! Data protection is now a basic principle of business activity and boosting consumer confidence will really boost your business. You do not have to worry about the changes. All you have to do is look at how you protect the rights of those who give you their data
What Papaki is planning to do
We are excited that we have in our tech family two new members and we are happy that we keep growing bigger! Security Officer and Privacy Officer – Two new diamonds were added to the vault of the Security Department of Papaki. Already under their guidance, we have begun to create a detailed plan to ensure the maximum security of the information you share with us. We design and develop processes rewarding the confidence you show us! The commitment we give you is that domain registration and management will remain as simple and easy as possible. The data we receive every day is already stored securely. What we have actually begun to do is an internal review to see how we can enhance the processes and keep your information uper safe.
Do you want to learn more about GDPR? We’ve created this informative pdf “Reform_of_EU_data_protection_rules_2018″ to keep you up to date on your rights and the changes that businesses need to make to adjust to the new regulation. More information can also be found on the official website of the European Commission. 🤓