GDPR – Are you ready?

GDPR is a term that is well known in the IT world, but very soon it will be known to a wider audience. To begin with, what is GDPR? GDPR (General Data Protection Regulation) is a regulation that was adopted by the European Parliament on April 27, 2016, and entered into force on May 25, 2018, without the possibility of delay. Applying GDPR is mandatory, and doing so is a rather complex process that requires understanding of the regulation and additional resources. Furthermore, micro-enterprises, small and medium-sized enterprises, public institutions, and bodies and agencies that collect personal data are subject to the regulation.

When protecting data, it is very important to distinguish general data from personal and sensitive personal data. General data are: an address without a name, a generic e-mail address (e.g. info@tvrtka.com), etc. Personal data are: an address with first and last name, a personal e-mail address, a name and the last 4 digits of a credit card, etc. Sensitive personal data are: race or ethnic origin, political affiliation, religious affiliation, sexual orientation, etc. Personal data refer to users, clients or employees of a specific organization.

The organization must have permission to use personal data, and it must know at all times where the data is and what it can be used for. The organization must also enable a legal or natural person to withdraw consent for the use of their personal data within a given period. The body most likely to oversee the implementation of the GDPR is AZOP (Agency for Personal Data Protection). If an organization does not comply with the provisions of the GDPR, it will be subject to draconian fines of up to 4% of the company's annual revenue or 20 million euros, whichever amount is greater. All economic entities operating in the EU are subject to the regulation. That is why, in the US, GDPR is currently at the top of the priorities of companies operating in the EU.

GDPR came into effect on May 25, 2018, and many companies had the obligation to appoint a DPO (Data Protection Officer), i.e. a person responsible for the protection of personal data. In the event of a breach of data security, the company must notify the competent authorities, as well as the person whose personal data has been breached. Are you ready? Protect yourself in time and prevent data loss.
