This article is about the key changes of the GDPR in 2018 and how should we do with it.
AOMEI Technology as an IT company, our products are used by people all over the world, we also pay constant attention to the changes in the world. GDPR is very important to us especially in our digital life so that we decide to focus on its changes in May, 2018 in this article.
Before learning changes of the GDPR, we should know what is GDPR. If you are EU citizens, you may know about it. GDPR is short for General Data Protection Regulation, which is the European Union’s regulation that safeguards the personal data of individuals in the EU, as well as the export of personal data. GDPR not only affect the European continent, but also businesses around the world that deal with information of European citizens. Even now the GDPR also includes the United Kingdom (UK), despite recent Brexit changes. Why need GDPR? It is used to protect the privacy of EU citizens.
Privacy or personal data defined in GDPR are “any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address, etc” You see, GDPR is very important to to us in our life, because we almost surf online everyday and everywhere in modern society.
The GDPR was approved by the EU Parliament on the 14th of April, 2016 at first. Two years passed, it is going to take full effect on the 25th of May, 2018. That is to say, there are some key changes of the GDPR this time, please read on and let’s know changes summary.
We summed up following key changes of the GDPR this time.
Expanded landscape: Now GDPR is strengthened individual rights and conditions for consent. Prior to the proposed regulation, there was ambiguity surrounding territorial applicability, but it wasn’t clear whether it also applied to companies that weren’t physically located in the EU, however dealt with EU business. Here the GDPR makes it explicitly clear that it applies to “the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not”. It also applies to data subjects that have activity relating to, or offer goods and services to EU citizens.
Heightened consent: Circumstances surrounding consent have been strengthened to make sure consumers are not unknowingly allowing businesses to process their data. Companies today have to provide a request for consent in legible and accessible language. This means no more lengthy, unintelligible terms and conditions that the average consumer will have difficulty understanding. Consent must be apparent, and it also must be easy to give and withdraw it.
Imposed fines: the GDPR fines are faced when businesses and organizations breach regulation, which includes infringements such as not having sufficient customer consent for processing data. Fines will be arranged in a tiered structure, and will apply to both controllers and processors. The maximum fine that can be imposed will be the greater of €20,000,000 or up to 4% of annual global turnover.
Data transfers:All organisations need to be aware of the risk of transferring data to countries that are not part of the EU. Non-EU controllers may need to appoint representatives in the EU. Both data controllers and data processors will be required to keep records on what personal data is being processed and why. They must also record who may access that information, where that information is being held, the security measures implemented and how long that information will be held.
DPIAs: A risk-based approach must be adopted before undertaking higher-risk data processing activities. Data controllers will be required to conduct DPIAs where privacy breach risks are high to analyse and minimise the risks to their data subjects. By the way, an essential first method for completing a DPIA is to map your organisation’s data and information flows (data mapping).
Data Protection Officer:A Data Protection Officer (DPO) with “an expert knowledge of data protection law” must be appointed where an organization is undertaking regular monitoring of individuals, or large scale processing of information about an individual's racial or ethnic origins, political opinions, medical information and/or information about criminal convictions.
Subject access requests: The time period for complying with a subject access request is reduced from 40 days to one month.
Above we list some key changes of the GDPR in 2018, more changes or full changes hope you could visit the official website of EU, thanks. Next, let’s discuss how the GDPR will impact individuals and businesses separately.
For individual, the implementation of the GDPR means that you have more chance to control over your personal data. You can choose what businesses could and could not get with your information, as well as retract any data if you feel that it is no longer necessary for a particular brand to still hold and process it.
For business, the GDPR will affect not exclusively for the IT field, but the whole enterprise. marketing department will propose new terms and conditions, sales team need to know how their company complies when meeting potential customers. If yours are a business that work within the EU or with EU individuals, you have to pay close attention in order to stay relevant and competitive (as well as operating) in this digital economy.
AOMEI - the easiest backup keeps data safer, is an up-and-coming software company founded in 2009. AOMEI is a freeware-based company, striving to make 81% of the users free to use their products. With professional and reliable support service, AOMEI products are favored by users around the world. Today AOMEI solutions are available worldwide through a global network of service providers, distributors and resellers. AOMEI continued to grow and develop while bearing in mind their mission - Always Keep Global Data Safer, and strive to let billion of users benefit from AOMEI Products, and make AOMEI become the industry benchmark.