Fordítsa meg a készülékét a weboldal használatához.
The EU General Data Protection Regulation (GDPR), which comes into force on 28 May 2018, is the new EU data protection framework.
The GDPR affects organisations established within the EU as well as those established abroad. It applies to the processing of goods and services and the processing of personal data within the EU.
Companies that do not comply can face serious consequences. The maximum fine is €20 million or 4% of the organisation's total annual turnover (whichever is higher).
The GDPR also includes some flexible provisions to facilitate accountability and corporate regulation, increasing the importance of an organisation's ability to demonstrate compliance with GDPR obligations. Essentially, the following are required:
- Establish clear governance processes for the management, processing, storage, retention and deletion of data
- Documentation such as privacy manuals and personal data records;
- Data protection impact assessments
- Introducing a "data protection from the ground up" principle to ensure that security is built into any new process or product - such as pseudonymisation techniques (i.e. processing data in such a way that it can no longer be linked to a specific subject) - and data minimisation.
For many organisations, this deadline of less than 12 months is a major problem. If current data management processes are not satisfactory, it may take longer to put in place the right infrastructure.
Digitalisation could be one solution.
