New Data Protection Regulation to Assure Greater Data Privacy

Effective 25 May 2018, the E.U. is to implement a new data protection regulation designed to protect the data privacy of E.U. citizens and to redefine the manner in which organizations deal with data privacy. This data protection regulation gives E.U. citizens greater control over how their personal data is used. It also provides businesses with clear legal structures within which to operate and standardizes them across the European Union. This regulation is binding and applicable to every E.U. citizen, and organizations failing to comply with it will invite serious penalties.

Controllers, processors etc. to be impacted

This regulation applies to everyone, including controllers and processors who collect and process the data of E.U. citizens, irrespective of their physical location. The regulation requires controllers to specify the purpose for which data is collected and to ensure that the processors who process the data abide by the new data protection law. The regulation demands that processors follow these rules and maintain records of all their processing activities. They will also be held responsible for any breach of data in their possession, and the penalties would be more stringent than under the previous data protection act.

Need for individual's consent

The regulation stipulates that organizations will need to obtain the prior consent of individuals to store their personal data, and will also need to explain the manner in which this data is likely to be used.

Notifying authorities about any data breach

It has been made mandatory for organizations to notify the supervisory authority within 72 hours of any data breach that has taken place, unless it is a minor issue that is unlikely to result in a risk to the rights and freedoms of individuals.

Access rights

Organizations are called upon to provide electronic copies of private records to individuals who want to know what personal data the organization is processing, where their data is stored and the purpose behind such storing and processing.

Right to be forgotten

With this regulation in place, E.U. nationals will be able to request that controllers delete all their personal data and stop processing it and sharing it with third parties.

Data portability

Individuals can request that their existing controller transmit their personal data to another controller if they wish to leave the present controller. In such scenarios, organizations are then required to provide an individual's personal data in a commonly used and machine-readable format.

Security must be built into products

The new regulation makes it mandatory for controllers and processors to have security built into products and processes from day one. As this is a legal requirement that everyone needs to comply with, the chances of data breaches are rather slim.

Appointment of data protection officers

Under the new regulation coming into effect, all data controllers and data processors with large-scale operations, or those handling special categories of data, are advised to appoint data protection officers (DPOs). These officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.

Records of processing activities

All records of processing activities must be maintained, including the purpose of the processing and the categories of data involved. These records must also be made available to the supervisory authority on request.

WhatsApp has confirmed that these data protection features will be available globally for all its users. Facebook and Instagram intend to introduce these features shortly on their platforms.
It is expected that over time, everyone will realize the benefits that GDPR implementation brings in the domain of information security.
