ComSign – Your address for GDPR
What is GDPR?
On May 25th, 2018, the EU's new regulation on the protection of privacy, the GDPR (General Data Protection Regulation), will come into force. The GDPR deals with protecting data subjects, and with their rights.
The GDPR effectively applies to any organization that works in the EU, processes information in the EU, or processes information of EU citizens.
The regulation defines personal information as "information pertaining to a private person that enables identification of that person, directly or indirectly, such as: names, identity numbers, addresses, as well as other social and economic identifiers."
To date, we have been accustomed to the idea that all information collected in an organization belongs to that organization, which is entitled to use it at will. Once the GDPR enters into force, personal information will belong only to the data subject, who will have rights in respect thereof.
The principal rights of the data subjects at any given time are:
- Consent – In order for an organization to process personal data, it must inform the data subject exactly why his/her information is processed, and request explicit consent for that use. The subject has a right to withdraw his/her consent at any time.
- Right of access – The data subject has a right to access his/her personal information and receive a full copy of all his/her personal information that exists in the organization, in a readable format and in a format that enables him/her to pass it on to competitors. It is his/her right to demand that information containing errors be corrected.
- The right to be deleted ("to be forgotten") – The data subject has the right to demand that his/her personal information be deleted, as long as this information is no longer relevant and meets other conditions and criteria.
Implications of GDPR for Organizations:
Organizations must now prepare for a wide range of demands from both the GDPR itself and the data subjects.
On the part of the data subjects:
- The organizations will need to give a statement to all their data subjects regarding exactly what their information is used for, and when it will be erased.
- The organizations will need to request explicit and clear consent from the data subject.
- The organizations will need to allow data subjects to withdraw their consent at any given time.
- The organizations will need to be prepared to give data subjects copies of the information itself, and correct errors that data subjects will indicate.
On the part of the GDPR:
The GDPR does not stop there – it requires the organizations to protect personal information starting at the product / service planning stage, and for the rest of its life. An organization that holds personal information is required to implement strict privacy controls (such as information masking and encryption), as well as minimizing the disclosure of information: collecting the minimum information required. It is also obliged to disclose this information to the minimum number of people required, and to hold the information for the minimum time necessary and then delete it.
To learn how ComSign's professional team can help you be prepared for the GDPR, contact us now: Tel: 03-6485255, or via the Contact us page