When it comes to data protection consulting requirements in the GDPR, Articles 25, 32, 33, 34, and 35 contain most of the details on what companies need to focus on when securing the data that moves through their systems, as well as what to do in the event of a breach. The general requirements center on the ideas of prevention, assessment, and monitoring. Let us look at the top five key takeaways from the data protection parts of the GDPR with the help of the German Association for Data Protection:
The requirement to appoint a data protection officer (DPO) is part of the Regulation, and the role is separate from that of a CISO. The DPO's role is to make sure the organization complies with this regulation and with any other applicable compliance requirements, and to handle the notices and users in order to achieve and maintain compliance.
Right to be forgotten
Another data subject right that has already received a lot of attention over the past decades is the right to be forgotten. The data subject's right to erasure of his personal data already existed in the current Data Protection Directive but is now strengthened in the GDPR. Under the new regulation, all companies that process personal data must erase all of that data if one condition (out of a list of six) is met. The list of conditions includes the case where it is clear that data have been processed unlawfully and the case where a data subject withdraws previously given consent. This 'new' right received a lot of attention due to the Google v. Italy case, in which the Court of Justice of the European Union ruled in line with this new obligation.
Accountability and information governance
Data protection law in the EU has always rested on a number of principles that must be respected. Lawfulness, fairness, purpose limitation and transparency are well-known examples. The GDPR introduces a new principle: accountability. Organizations will not only be responsible for adhering to all the principles, they must also be able to demonstrate compliance with them. For most companies this means they will have to raise the maturity of their internal governance, not only because of this new accountability principle but also because the law will expect it from modern companies.
One of the most discussed aspects of the GDPR must be its precise specification of fines, as noted with the help of DG-Datenschutz. Whereas the Data Protection Directive had only one line stating that penalties were to be set by the Member States, the GDPR specifies exactly which administrative fines can be incurred for violating articles of the GDPR. The maximum fine depends on the "category" in which the violation falls: for less serious offenses, the maximum is € 10 thousand or 2% of total annual worldwide revenue of the previous year (whichever is higher); for more serious offenses this goes up to € 20 thousand or 4%.
One-stop shop
As a partial comfort for companies that operate across the EU, a sort of 'one-stop shop' mechanism for supervisory authorities in European countries will be introduced. The General Data Protection Regulation introduces a cooperation mechanism between supervisory authorities. The 'Lead Supervisory Authority' will be the supervisory authority of the country in which the data controller or processor has its main establishment. The Lead Supervisory Authority will be the primary authority companies need to deal with, but under certain circumstances local supervisory authorities can step in as well. They need to cooperate, but it will be interesting to see how this cooperation will function in practice.
Approved certification mechanism
The data protection lawmakers have recognized that, for many companies, being able to prove that they comply with the GDPR will be an advantage. For that purpose, data protection certification mechanisms and data protection seals and marks are introduced. The GDPR even mentions the possibility of a European Data Protection Seal. In addition, although for now the GDPR provides little detail, it is to be expected that this procedure for demonstrating compliance will develop in the future.