27 March 2019

European Data Protection Act. Why does everyone talk about it and, why is it so important

    Last year, the General Data Protection Regulation (GDPR) act came into force in the EU with a view to increase business accountability. Immediately after that, you could see in your mailboxes a bunch of emails on the subject of messages "Changes in privacy policy".
    Now companies need to prove that they are trying to protect information in every way, including through preventive measures. Therefore, in Ukraine, more and more companies are beginning to buy privacy filters
      , that protect the monitor from the person who stands next to and can read your data.
      What exactly has changed?
    • Accountability and elimination of the onus of proof. This means that the organization must prove that they operate according to the laws on the protection of privacy.
    • Extended obligation of documentation and evidence. This means that a data protection management system must be established.
    • Obligation. This means that consultation with supervisory agency should be compulsive.
    • Reduction of the reporting period. This means that the breach of confidentiality must be submitted within 72 hours.
    • Introducing new sanctions for violation:
      - for minor violations: up to 2% of global sales, up to 10 000 000 (million) Euro
      - for serious violations: up to 4% of global sales, up to 20 000 000 (million) Euro
      Who needs to worry?
    • Companies with more than ten employees who are entrusted with the processing of confidential data. This company must appoint a data protection employee who can be hired from outside (extended documentation and evidence obligations).
    • Companies, which entrusted with the management of "special data", including genetic data, profiling and the like.
    • Companies based in non-EU countries but with customers in the EU market.
    • And of course, all companies in all EU countries.
      What does the term "special data" mean? Special and confidential data is information that can help to identify a person. For example:
      • Name
      • ID
      • Ethnic origin
      • Religious, political or philosophical thoughts and beliefs
      • Genetic information
      • State of health
      • Criminal offence
      • Work and job evaluations
      • Personal interest
      • The motion profile
      • And more...
      Therefore, if you collect such data and want to have customers from Europe and do not want to pay fines, then you need to be very careful about the protection of information in the company beginning with privacy filters and ending with an employee responsible for the protection of information and data.
      JSC "Bancomzvjazok" – making life safer!