Facts you should know about the European General Data Protection Regulation (GDPR), so that we can understand this law, apply it properly, and avoid problems in the future. The Regulation matters for every website, business or service that deals with the data of individuals within the European Union, whatever the location of the service or the device.
What is the GDPR:
GDPR stands for General Data Protection Regulation. It is a new European regulation, or law, that covers rights and mechanisms for data protection, and it aims to improve and standardize the way personal data is protected and handled. The law took effect on May 25, 2018, and it brings together all of the European Union's laws related to data protection.
1) Scope of application:
This policy and law applies to all companies or websites across the globe that provide goods or services to citizens of the European Union, target them, or make use of their personal data.
2) What happens in case of a violation:
Whoever violates this law may be fined between 2% and 4% of their annual revenue, or 20 billion euros (whichever of the two figures is higher at the time applies). Repeated infractions of the regulations in the course of processing can lead to higher fines of up to € 40 million.
3) The definition of personal data:
The definition of personal data has been expanded: under this policy, any data that can be used to identify an individual counts as personal information. For the first time, it includes things like genetic, mental, cultural, economic or social information.
4) Consent to data collection:
Emphasis is placed on the rules and mechanisms for obtaining valid consent to the use of personal information. Those concerned (companies, websites, or even individuals) need to use simple language when asking for consent to collect personal data, need to be clear about how the information will be used, and need to understand that a failure to act on the question of consent no longer constitutes implied consent by default.
5) Rights of individuals:
Individuals must be given fair and transparent information about how their personal data is processed and used.
More specifically, individuals will have the following rights:
*- The right to be informed of what is being done with their personal data.
*- The right of access to personal data.
*- The right to correct personal data.
*- The right to deletion or cancellation (referred to with the term “right of Oblivion”).
*- The right to restrict the processing of personal data and determine its method.
*- The right to the transferability of personal data.
*- The account.
*- Rights relating to the decision-making mechanism that determines the features of a profile.
*- Citizens of the European Union may turn to any data protection authority of their choice, in any country of the European Union, to lodge complaints and bring legal claims against any party, company or website under this law.
6) Data retention period:
The principle of minimizing the data retention period applies: organizations must not retain data for longer than necessary, must not change the use of the data from the purpose for which it was originally collected, and must delete any data at the user's request. This also means that those concerned must obtain new consent before they can change the way the collected data is used.
7) Introducing the concept of the place of duty or mass:
In the past, Ireland was a favorite of major American companies, like Google, since legal registration there made them subject to that state's data protection authority rather than to those of the other states. Under this policy and the new laws, however, any European data protection authority will be able to take action against any entity or company, regardless of where in the world it is based. A company will still deal with only one Supervisory Authority instead of a different authority for each country of the European Union, which will make things simpler and cheaper for all. At the same time, as mentioned above, citizens of the European Union may turn to any data protection authority of their choice, in any country of the European Union, to lodge complaints and bring legal claims against any party, company or website under this law.
8) Obligation to notify:
A breach of personal data that is likely to have adverse effects on individuals, in terms of personal or financial information…, must be announced and reported, including informing the local data protection authority of the breach within 72 hours of discovery. This means that organizations must make sure they possess the technologies and processes that enable them to discover a data breach and respond to it.
9) Expansion of responsibility:
Responsibility for this data, and its consequences, now extends beyond the data controller. In the past, only the data controller was responsible for data processing activities, but under this new law responsibility extends to all organizations that hold or deal with personal data. This means that even agencies whose services merely deal with personal data must comply with the rules, such as reducing the data retention period to a minimum.
10) The data protection officer (DPO):
All those handling personal information must designate a data protection official or agency (“Data Protection Officer”, DPO) when their core activities require systematic, methodical observation of data sets on a large scale, or the processing of a wide range of categories of data.
11) Impact assessment:
The agency that controls or manages personal data must monitor and evaluate the impact (Privacy Impact Assessments, “PIAs”) when there is a risk of a breach of privacy, in order to reduce those risks to individuals and the owners of that data. This means that before any party starts a project that involves personal information, it will have to conduct a privacy risk assessment and work with the DPO to ensure compliance with this policy in all phases of the project.
12) Programs and systems:
Programs, systems and the various processes must take into account compliance with the principles, policies and regulations for protecting this data. This affects, for example, what happens to deleted information: programs today usually do not erase data entirely except for specific reasons, but in the future all software will have to be able to erase data entirely, which will be a challenge for many software engineers.
Note: If a company has more than 250 employees, it can (this is recommended) document all the customer data it processes, how that data is handled, and the company's procedures and precautionary measures. If the company is small, the documentation can be limited to the data it processes on a regular basis or to sensitive data only.
Shihab jurist/ specialist in trade marketing electronic
Blog e-commerce Arab