November 29, 2018
Performance Leads has always taken data protection obligations seriously and will continue to do so under the new European legal framework surrounding the General Data Protection Regulation and ePrivacy Regulation.
There are two key reasons for the overhaul of the existing legislation:
The EU would like citizens to have more control of their own personal data.
The EU would like businesses to have a harmonised legal framework to work within.
At the moment there are a number of different regulations across the EU, which can be confusing and lead to inefficiencies and barriers to trade.
The legislation itself reaches beyond EU borders to any country handling or contracting with another organisation to process the personal data of EU citizens.
Processor – The party processing the data
Controller – The party who defines how and why the personal data is
Personal data must be processed lawfully, and ‘lawful’ has a number of meanings. For example, the data subject provides consent, the processing is needed for compliance with a legal obligation, or it is essential for the life of the subject.
Consent for data to be stored must be active – i.e. the box must be ticked. Controllers must also record how and when the subject provided their consent.
Subjects have the right to access their personal data at ‘reasonable intervals’. What is ‘reasonable’ is based upon the type of data being held and how frequently it changes. The controller must deal with all requests within one month.
The ‘right to be forgotten’ or the ‘right to erasure’ gives individuals the right, in certain circumstances, to have their personal data deleted.
In the event of a data breach, the organisation in question must notify the data protection authority within 72 hours of first becoming aware of the incident. This is an initial alert and it is expected that a full investigation and impact assessment will be undertaken thereafter. There are significant penalties for breach of the regulations – the greater of 4% of the organisation’s global annual turnover or 20 million Euros.
As an organisation we will be producing a series of blogs and checklists on GDPR with the goal of assisting our clients with their obligations under the new regulations.