GDPR – some facts
The new Data Protection Regulation (RODO) applies from 25 May 2018. It covers the European Union as a whole and has an impact on organisations outside the European Union.
THE RIGHTS OF THE PERSON WHOSE DATA ARE PROCESSED
The person has the right to know who has access to the data, how long it will be processed and whether it will be used for profiling. The person also has the right to retrieve and transfer his or her personal data, correct it, delete it, be forgotten and to be compensated in the event of a breach.
Obligation to process data lawfully, appropriately and transparently. Data should be collected in accordance with the purpose and stored in a way that identifies access and scope and no longer than necessary. Data must be secure and protected against unauthorized or unlawful access, accidental loss or destruction.
THE RESPONSIBILITIES OF THE ADMINISTRATOR AND THE PROCESSING ENTITY
It is necessary to implement appropriate technical and organisational solutions to ensure and confirm the processing of data in accordance with the regulation. Implement data protection policies, apply agreed codes of conduct and ensure that data are processed in accordance with the purpose of processing.
Administrative fines for minor infringements of the GDPR may amount to up to EUR 10 million or, for a company, up to 2% of its total annual global turnover in the previous year. For serious infringements, the penalties can be up to EUR 20 million and up to 4%, respectively. The higher amount is the maximum amount per undertaking.