Given that major changes take effect from May 25, 2018 under the GDPR (General Data Protection Regulation) in the field of personal data of natural persons, including data processed digitally, we have summarized the relevant information in this regard.
The essence of the new regulation can be briefly summarized as giving individuals greater insight into, and rights over, the management of their data, while increasing companies' obligations in this regard and penalizing non-compliance. The Regulation applies not only to large companies but to all businesses that handle data, whether a family business or a small or medium-sized enterprise. The Regulation also applies to personal data stored on digital and paper media, if they are part of or will be part of a filing system.
WHAT DOES THE GDPR RELATE TO?
Data management includes almost every act performed on personal data, including collecting, storing, using, transmitting, and modifying it for various purposes, to name but a few data management operations. The person who does this is the Data Controller. The person working on personal data on behalf of the data controller is the Data Processor. The important difference is that while the data controller determines the purpose of the data management, that is, decides on the fate of the data, the data processor only performs technical operations (a web hosting provider, for example) on the data controller's instructions.
DO I HAVE REPORTING REQUIREMENTS FROM MAY?
The change is two-way:
- The current Data Protection Register maintained by NAIH (National Data Protection and Information Authority) will cease to exist, and data processing will no longer need to be registered.
- However, a reporting requirement arises for so-called "privacy incidents", that is to say, personal data breaches: they must be reported immediately after the data controller becomes aware of them, and no later than 72 hours. An exception to this is if the personal data breach is "likely" (which is of course difficult to pin down) not to cause any serious harm to the data subjects. The notification must be made to NAIH. Persons affected by the incident need only be notified if the data breach is likely to pose a high risk to them, for example a leak of bank codes. If the data processor has detected a breach, he or she must report it to the data controller.
IS REQUESTING DATA ON A CONTACT FORM COVERED?
Clearly! Requesting personal data counts as data management, and only the kind and amount of personal data that is strictly necessary and appropriate for the purposes of the data management may be requested. Only the minimum set of data with which the purpose of the collection can still be achieved may be handled.
WHAT ARE THE RIGHTS OF THE DATA SUBJECT?
According to the GDPR, the persons concerned by the data handling have the following rights:
- Right to Information: The data controller must provide information on the essential aspects of data management (who uses the data, what, how, for how long, etc.) in an appropriate size and language; the GDPR specifies exactly what information is needed. Information should preferably be given before the personal data are collected. If this is not possible, for example because the data is obtained from a third party (say, someone sends a friend's resume to the HR department), it should be given at the first possible time.
- Right to Access: Individuals can request information about whether their data is being handled and, if so, which data.
- Request Data Correction: The affected person may indicate that the information being processed is inaccurate and may ask for it to be corrected. Note that the data controller is responsible for the accuracy of the data, so it is advisable to check its accuracy from time to time.
- Right to Delete: Anyone can request deletion of their data at any time. If the data controller has granted third parties access to the data requested for deletion, he / she must inform those to whom the data was disclosed that they should delete all references to it and any personal information they store.
- The Right to Restrict Data Management: In some cases, a person whose personal data is handled may request a restriction on the processing of his or her personal data, for example in an unclear legal situation, or when the data management is unnecessary but the person still wants the data kept.
- Right to Data Portability: The data subject may request that the information handled about him or her be provided in a widely used machine-readable format such as .doc, .pdf, in order to transfer this data to another data controller without obstruction by the original data controller.
- Right to Objection: The data subject has the right to object to the handling of his or her personal data for a specific reason related to his or her own privacy. This typically happens when the person concerned has not given his / her consent to the handling of his / her personal data.
WHAT DO YOU HAVE TO DO TO HAVE YOUR DATA DELETED?
Anyone who has disclosed his or her data can request this in a statement addressed to the data controller orally, in writing, by post, by e-mail, or through the website, preferably through the channel by which the data lawfully reached the data controller. That is why it is important for the data controller to indicate his / her exact contact details in the privacy statement.
DOES EVERY COMPANY NEED A DATA PROTECTION OFFICER?
It is not necessary for all companies, only in the cases defined in the GDPR, that is to say, in the case of public authorities, large-scale data monitoring (e.g. property protection), or the handling of special personal data such as health data or data related to criminal records (e.g. a hospital).
The Data Protection Officer can be employed or outsourced.
WHICH AUTHORITIES MUST BE NAMED IN THE DATA PROTECTION INFORMATION?
It is necessary to indicate where the affected person can turn with a complaint, so the details of the competent court and of NAIH should be provided, together with the kind of infringement each can be approached about.
DATA SHOOTING IN GENERAL TERMS OF CONTRACT OR SPECIAL DOCUMENT?
DO YOU HAVE TO DELETE DATA STORED WITH PERMISSION?
Yes, if the time allowed for storage has expired. In this case, it must be ensured that the personal data can no longer be linked to the person concerned.
OPERATING FACEBOOK / WHATSAPP, ETC. GROUPS
A Facebook group is considered to be personal, private data management, and is therefore not subject to the GDPR, as long as it does not reach the masses and only discloses personal information that the person concerned has uploaded.
A brief summary of the most important points:
- Only hold data that the company can prove is necessary;
- Store it properly and keep track of what is still needed and what is to be destroyed;
- Expired data and confidential information must be properly and securely destroyed, and appropriate tools for destroying paper or electronic data must be obtained in good time;
- Private individuals will also have the right to see where and how information about them is stored, how it is moved, and whether it is destroyed in due time;
- Within a company, only the people assigned to do so may access the data;
- Provide specific information about what data can be passed to third parties;
- Review contracts, including employment contracts, examine whether they meet the new standards, and develop contract templates;
- Suppliers and subcontractors that access personal data must be under a contract in accordance with the provisions of this Regulation;
- If certain conditions are met, a Data Protection Officer should be appointed.