Global Data Protection Regulation, or GDPR is a European law that came into force on May 24, 2016. It replaces an outdated European 1995 legislation with regard to the protection of natural persons. More specifically, processing and free movement of data about these natural persons, such as their e-mail address and mailing address, but also financial and medical data and more.
Because this requires a lot of effort, every company of the European Union gets 2 years of age to prepare itself optimally.
Concrete: From 25 May 2018, every company is liable for compliance with this legislation. Failure to comply can yield fines up to 4% of your annual turnover … You are undoubtedly fully focused from now on ?
Does this mean that you need to get out of trouble to get ready for it? No, absolutely not. Do not be put off by the wild rumors that you catch in the walkways here and there.
The entire GDPR legislation is based on the following basic principles:
- GDPR applies to anyone working within the EU and collecting data,
- Transparency is key. Make sure you communicate with your contacts clearly;
- What data you will keep from them,
- Why you will keep it,
- How long you will keep it,
- RTBF is not just a TV channel, it also stands for “The Right to Be Forgotten”. In other words, offer your contacts at all times the ability to delete or modify their data.
- If there is a leak in the data protection, you must report this to the privacy committee within 72 hours.
- In addition, you must keep a record in which you will track all the movements or movements that are undergoing this data
- For the technical security of the data (IT-related), you are best aware of a specialist in this area.
Furthermore, there are some specific issues that are less applicable in Flemish SME landscape:
- Appointing a Data Protection Officer (DPO) is required:
- If your organization is active in the public sector
- If you process data from a particular category (religion, politics, criminal law, …)
- If you need regular and systematic observation “(although the legislation itself is not immediately clear)
- The use of data outside the EU also requires some specific issues.
If you would like to receive more information or guidance, please contact: management@jato.be