Don’t be taken in by every offer or threat and be faced with high penalties
With the development of the digital area, which includes wide use of the internet, social media, smartphones and applications, as well as the digitalisation of practically all areas of our lives, the volume of collecting of personal data and the flow of information has dramatically increased.
The regulation needed to be changed due to the fact that, in today’s total information society, it is necessary to protect and provide people with the ability to control their personal data, as well as the need to unify and raise the level of protection of personal data in the EU. This is especially important because it is easier for individuals to be tracked, to profile them, and for this information to be used for various purposes. Therefore, there is a need to strengthen individuals’ rights.
Where to start
There are doubtless few companies or organisations that will not have encountered the handling of personal data. The process of preparation of the GDPR, which will come into force on 25 May 2018, must begin with the questions ‘Which data do you handle, what part of it is stored, and who is able to access it?’ A basic step in this context is ensuring regular and up-to-date back-ups of important data are made, which today should already be a standard of doing business.
The following urgent steps should be taken prior to the implementation date:
The new legislation in the area of protection of personal data provides congress participants with:
1. Greater supervision and efficient implementation of supervision of personal data.
2. Easier access to personal data – individuals must be informed in a clear and understandable way about how and for what purpose their personal data is being processed.
3. The right to privacy – if an individual no longer wishes for his/her personal data to be processed and, on the condition that there are no legal reasons for its continued storage, an individual may demand that a company deletes his/her personal data.
4. The right to know how long personal information is stored.
5. The right to request a correction, deletion or appeal.
6. The right to the transferability of personal data, which will ease the process of transmission of personal data in cases where customers wish to change service providers.
7. The right to due legal processes and sanctions – individuals have the right to appeal to a supervisory authority, as well as the right to appeal against the decision of an authority or in the event of inaction by a supervisory authority, and the right to compensation and liability.
8. Individuals may not be subject to measures that derive solely from profiling, analyses or forecasting, through the use of automated processing tools (e.g. assessment of personal characteristics, health, habits etc.).