The May 25, 2018 go-live date for the European Union's General Data Protection Regulation served as a vital reminder to everyone of the importance of safeguarding and protecting all personal data.
The fact that the EU saw the need to bolster its data privacy legislation, in light of the rapid rise in cybersecurity and hacking crimes, highlights the massive importance of preventing those with ill intent from gaining access to personal data. Companies, groups and individuals have a responsibility to do as much as possible to keep private and personal data safe.
What is GDPR?
GDPR introduced rules, regulations and penalties to ensure that the personal data of EU citizens and residents is kept safe. Companies and groups that breach this legislation can face fines as high as €20m or 4% of annual global revenue for the previous financial year, whichever figure is higher.
The surge in the number of cybersecurity crimes has made securing personal data hugely important. Hackers will do everything in their power to try to obtain private information such as names, identification numbers, geographic/location data, contact details, social security/welfare details, bank account numbers, identifying images, cookie identifiers, IP addresses and other online identifiers.
There have been a great number of well-publicized cybersecurity attacks and data breaches, including the Marriott Hotels hacking attack, the Facebook Cambridge Analytica controversy and the Equifax data breach in the USA. Many more data breaches take place on a much smaller, less well-publicized scale. The parties found to be responsible face criminal convictions if they are caught, and those who failed to keep the personal data safe have been sanctioned with the designated penalties.
GDPR Obligations on Companies/Organisations
There are a number of legal obligations on companies and organizations. They include:
- Establishing adequate processing systems for the data that they manage.
- Employing data processors that are legally acceptable.
- Maintaining records of processing activities.
- Ensuring that all data is kept safe and secure.
- Regularly completing data impact assessments.
- Appointing an individual to the Data Protection Officer (DPO) role.
- Seeing to it that codes of conduct and certification are complied with.
- Ensuring that transfers of data outside of the EU are completed legally.
Personal data is important and must be protected in the manner legally laid out by the European Union's GDPR legislation. Where it is not, there may be a massive personal cost to the individuals affected, and expensive financial sanctions may be taken against the parties responsible for securing that personal data.