On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect, which sets new rules for handling personal data in the European Union.
Here are answers to the six most common questions about the GDPR:
1. **What is the GDPR?**
The GDPR is the General Data Protection Regulation, which provides residents of the EU with the right to control their personal data. This includes the right to know how their data is collected, where it is stored, and to request its deletion if necessary. The GDPR went into effect on May 25th, 2018.
**What data does the GDPR protect?**
Personal data refers to any information that can be used to identify an individual, such as their gender, age, location, and other characteristics.
The main principles of the GDPR are transparency and legality, which means that companies must clearly explain why they collect personal data and how they intend to use it. They must also limit the purposes for which they collect data, and if those purposes change, they must notify the individuals concerned.
Minimum information: Data should be collected only to the extent necessary to achieve specific goals. You should not ask for too much.
Data management: The user can request a copy of all the personal information you hold about them, so be prepared to provide it within 30 days. They may also request deletion of their data without the right of restoration.
Storage restriction: The data retention period should coincide with the time needed to achieve the goal. Once the goal is achieved, the data is deleted.
Security: You cannot share data with third parties. If there is a leak, it must be reported within three days.
The GDPR has an extraterritorial effect. The new regulations apply to anyone who processes the data of European residents, regardless of where the data is collected or where the company is located. The main criterion is that the data must be processed on the territory of the European Union, including through the internet. The document covers 28 countries.
**Why should you care?**
It will be difficult to ignore the GDPR, even for the smallest Russian companies. Even if a small company is 100% certain that none of its customers have European citizenship, there is always a chance that one of them could have dual citizenship. Therefore, it's wise to re-check your customer databases.
**What happens if you don't comply?**
Non-compliance can result in fines of 10 to 20 million euros or 2% to 4% of your annual turnover.
The implementation of EU decisions in Russia is not well developed, and even if the European Commission imposes fines on a Russian company, the chances of actually enforcing these decisions are very low. However, working with the EU can be challenging. Such a decision could lead to an inspection by Russian authorities.
5. **What should be done now?**
Companies working with personal data should provide as much information as possible on their website about what information they collect from visitors, why they do so, and how they will use it in the future. This includes making the process of giving consent for processing personal data more explicit.
In the "I agree to the processing of my personal data" checkbox, companies should specify exactly which personal data users are agreeing to have processed. Different forms of consent should be provided for different types of information. For example, users should be able to give consent to the processing of their email addresses, phone numbers, and other personal information during registration. Consent for the processing of location data should be requested through a separate pop-up message.
For existing customer databases, it is recommended that companies email their customers asking them to re-consent to the processing of any personal data they have previously provided.
If you have any questions or want to learn more about this topic, I have compiled several links to useful resources.
The official text of the regulations on the protection of personal data can be found here. You can also find interesting information on why it was important to develop new regulations, such as how they benefit EU residents and businesses, as well as how the new rules help companies save money through a single law across all EU countries.