Recently, the Internet was abuzz about the new regulations of the European Parliament and the Council of the European Union on the protection of personal data, called RGPD. The law has already come into force. To whom are the new rules applied? Find out what changes in automatic processing of personal they entail.
The new law came into effect on May 25, 2018. As of that day, all entrepreneurs have to implement the new regulations and prepare all the documents required by RGPD. What steps has the service provider to take in order to fulfill the obligations under the new law?
The purpose of changing the rules is to compel companies to create a complex privacy policy that includes the storage and processing of personal data. Service companies are required to prepare documents such as the personal data processing activity register, the backup management policy or the data protection monitoring and infringement response policy.
Most importantly, the changes introduced by the RGPD concern not only entrepreneurs, but also the delegates responsible for monitoring and verifying the proper application of the provisions of this new law within the company. Companies are now required to designate a person to act as personal data protection officer.
Discover the changes introduced by the law of May 25
• Your customers’ personal data must be stored in the European Union,
• Your customers have the right to be forgotten and you are required to allow them to delete all their personal data from your database,
• Your customers have the right to request the transfer of their personal data to another company,
• You are still required to collect marketing authorizations to process your customers’ data,
• You are required to consider the protection of personal data starting from the design phase of your IT solutions,
• Penalties for not complying with the RGPD rules have increased up to 20 million euros.
• A new principle of accountability: you, the administrator, have to respect the rules and be able to prove that you respect them,
• You are obliged to report violations,
• You are required to store data and you are subject to the documentation requirements.
The most important changes introduced by the RGPD have been presented above. If you wish to get more information on the new law, please consult the CNIL website (https://bit.ly/2siZAsV) or contact the European Data Protection Supervisor directly (https://www.avocat-rgpd.com/).