What is the EU's General Data Protection Regulation (GDPR)?

A proposal for the protection of EU citizens' personal data: a law that applies across all member states and replaces earlier data protection laws. The new law is expected to be adopted by all 28 member states by 2016 at the latest, and will therefore have a major impact on all private and public companies and organizations; public and private organizations are treated equally with regard to sanctions if the regulation is not complied with.

9 reasons why the GDPR will affect your organization

  • NON-COMPLIANCE IS COSTLY Maximum fines for non-compliance will be substantial – violators will be required to pay a fine of up to 100 000 000€ or up to 5% of the annual worldwide turnover, in the case of an enterprise, whichever is higher. *
  • DATA PORTABILITY Data subjects will be able to obtain a copy of their data in a commonly used format in order to transfer it to another service provider.
  • EVIDENCE OF COMPLIANCE Organizations will need to demonstrate the policies and procedures they have in place and how they monitor compliance.
  • CONSENT IS REQUIRED MORE EXPLICITLY An “appropriate method” must be available to ensure that a data subject has expressed consent to the processing of personal data.
  • DATA BREACH NOTIFICATION & REPORTING OBLIGATIONS The EU regulation will legally enforce the notification of data breaches. Enterprises will be required to provide notification of a personal data breach without undue delay to the supervisory authority. Auditable reporting is no longer optional and can lower penalties if a breach occurs. A data breach could lead to closer scrutiny of other processes, including erasure.
  • THE RIGHT TO BE FORGOTTEN, THE RIGHT TO ERASURE The data subject shall have the right to the erasure of any personal data relating to them, including any links to, or copies of, that data.
  • DATA PROTECTION OFFICERS An organization with over 250 employees will be required to appoint a Data Protection Officer to ensure compliance. Expect erasure processes to be audited by clients in the future.
  • BROAD TERRITORIAL SCOPE Rules will apply to EU citizens’ and EU residents’ data, even if the data controller/processor is not located in the EU.
  • MORE RESPONSIBILITY FOR DATA PROCESSORS The regulation imposes liability on processors: both the controller and the processor are required to uphold technical and organizational measures when processing data, as is any third party that performs data erasure processing.

*Based on the latest draft of the current proposal of the EU GDPR.

It is recommended to seek explicit advice about individual circumstances regarding full compliance with the Regulation.

Source: IBAS/Blancco at Computerworld Summit in Copenhagen, April 2015.

Is your organization ready for the new regulation? If not, you are welcome to contact DDSR for further information at info@ddsr.dk or by phone on 30 25 28 85.