Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR
What is GDPR
The General Data Protection Regulation (GDPR) is a European Union regulation, i.e. a law! It has been in force throughout the European Union and the European Economic Community, Bulgaria included, since May 25, 2018.
From the same date, the sanctions it introduces have also been in force.
GDPR is not just a security issue
GDPR is not just a legal issue
The GDPR is not just a matter of demonstrating compliance
The GDPR is not just a matter of risk assessment and management
GDPR is not just a data issue
GDPR is all that and much more ...
The GDPR introduces new, stricter rules for the processing of personal data by controllers and processors.
GDPR is a single set of rules across the continent, guaranteeing legal certainty for organizations and an equal degree of data protection for citizens across the EU. The rules apply uniformly to all organizations providing services in the EU, even if their headquarters are outside the EU. The GDPR also introduces expanded and completely new rights for citizens.
What is Processing?
"Personal data processing" covers a wide range of operations performed on personal data, whether by manual or automated means. This includes collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making the data accessible, aligning or combining, restricting, erasing or destroying personal data.
And what is personal data?
According to Article 4 (1) of the Regulation: "personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors;
The GDPR is "technologically neutral": it applies regardless of the technology used for processing and covers both automated and manual processing, provided the data is organized according to some criteria (for example, in alphabetical order). Nor does it matter how the data is stored - in an IT system, via CCTV or on paper; in all these cases, PD are subject to the protection requirements set out in the GDPR.
What are the new rules?
The Regulation introduces new terms and refines existing ones, including (the list is not exhaustive):
Lawfulness of processing;
Data protection by design and by default;
For the first time, a requirement to consolidate and map PD - a register of PD processing activities;
Accountability - the burden of proof is shifted to organizations;
Stronger protection against PD security breaches;
Notification of PD security breaches;
Strict rules and dissuasive fines.
What are the penalties for non-compliance?
The maximum administrative fine is up to EUR 20 million or up to 4% of the total annual global turnover for the previous financial year, whichever is higher.
The CPDP, which now acts solely as a supervisory body, has the right to suspend certain data processing temporarily or indefinitely. It is obliged to consider any complaint lodged by a PD subject.
PD subjects may additionally file a claim for damages in court.
Where to start?
We are consultants with over 15 years of experience in the implementation, auditing and certification of management systems, and we have been working in the field of GDPR for over three years. LINK IT Ltd. provides the services of a Data Protection Officer (DPO) on a subscription basis. Our competent team consists of trained professionals: lawyers, auditors and IT specialists. The certificates proving our competence are available upon request.
Together with you, we will draw up the plan that best meets your needs, so that you can achieve compliance with the requirements of the GDPR as smoothly and efficiently as possible!
If you would like to receive a consultation offer, please click