GDPR: New rules, new challenges
Unless you have been living under a rock for the past few months, you are bound to have heard of the GDPR. The new European legislation on data processing and protection, formally known as the General Data Protection Regulation, will come into force on 25 May 2018. You therefore have less than one year in which to bring yourself and your company into line with the GDPR. Group Joos will inform you about the most important aspects of the GDPR, and tell you what you need to do to prepare your company, in our blog.
What will the GDPR introduce in the way of new rules, and, more importantly, what does this mean for your company? Through our new blog, we intend to keep you updated and show you that you are not alone, as Group Joos is ready to provide support and share its know-how with you.
There is, of course, nothing new about data protection legislation. The right to privacy and the collection and use of personal data by companies have given rise to tensions ever since the Universal Declaration of Human Rights was adopted in 1948.
The arrival of the internet and big data has made it necessary to find a new balance. This is where the GDPR comes in. The EU is introducing this new set of rules to ensure uniform legislation throughout Europe. Moreover, the rules will become much more stringent, and this will have major consequences, especially for companies that collect and use personal data on a large scale or as their core business.
First of all, the personal data stored by your company must be well protected. Examples include encrypting data on your website, storing data in properly secured locations and being transparent about which people within your company are authorised to access data.
You will also have to be transparent about which data you store, how you use data and the purposes for which this is done. For example, visitors to your website need to give their approval for their data to be used for purposes which are announced in advance. They need to know which data you keep and what you do with the data. In addition, everyone needs to be able to view and change their own data and have data deleted where appropriate. Complying with these obligations is obviously a major task.
Finally, you need to have a contingency plan that can be put into effect in the event of a data breach. In some cases, the data breach will also have to be reported to the supervisory authority and even to affected individuals. Moreover, all the rules also apply to all companies that have an involvement, including subcontractors.
Group Joos is ready to help you write your own GDPR story. The processes you need to follow to ensure compliance with the GDPR are rather time-consuming and you have little time left.
Group Joos is in a good position to inform you about all your obligations under the GDPR, which is why we are keen to share our technical know-how and information with you. Group Joos can support your company in various ways, for example by supplying a detailed data processing agreement. This agreement is legally sound and offers a good balance of mutual obligations and responsibilities.
We will provide relevant information and a range of hints and tips for dealing with the introduction of the GDPR in future posts on this blog.
Viktor D’Huys is the ICT manager of Group Joos. He is responsible for matters including data security and the coordination of the GDPR project. He is Certified Information Security Manager (ISACA) and has been awarded the CIPP/E (Certified Information Privacy Professional/Europe) credential by the IAPP (International Association of Privacy Professionals), which is the world’s largest organisation of privacy professionals.
If you have any questions or comments, please write to us at firstname.lastname@example.org.