The GDPR

The General Data Protection Regulation (GDPR) is a new EU law to protect the personal data rights and freedoms of individuals (EU citizens and other categories of people are covered, all referred to as data subjects). GDPR imposes robust business obligations on the collection, storage and processing of an individual’s personal data. The law applies to businesses no matter where in the world they operate. If they collect, store or process personal data from an individual covered under the law, then they are obligated to comply. There are distinct rights given to individuals. They can take action in a number of ways to exercise their personal data rights. The new obligations and rights will require businesses to change their operations. There are potentially large fines for non-compliance.

General Data Protection Regulation Explained

PRACTICAL GUIDE TO GDPR

The European Union’s General Data Protection Regulation (GDPR) is enforceable by law on 25th May 2018.

The law is centered around a common theme of an individual’s right to determine how businesses use their personal data. The EU has enacted GDPR in order to provide obligations and rights through a single, strong data protection law.

Who needs to comply?

The GDPR is complex and far-reaching. It will require businesses to examine and change the way they collect, store and process personal data. Any business that handles, or processes, the personal data of EU data subjects – no matter where the data subject, or the business, is located – must comply with the GDPR. In fact, you can even process personal data on behalf of another company and still have to comply. Businesses must think of their place within supply chains, and about their supply chains, and how personal data flows among companies within the chain.

Personal data encompasses various information about an individual, such as name, address, email, phone numbers, identification numbers, technical and location data from devices, and many other types of data that can identify an individual, either directly or indirectly. Whether several components are captured, or just one, the regulatory requirements are the same.

Starting your Compliance Programme

The GDPR signals a landmark change in data privacy, and many businesses will require technical, operational and cultural changes to handle personal data within the rules of the law. A good practice to comply with the GDPR is to enact a compliance programme that fits your business. Set easy-to-understand policy and make sure employees, contractors, contingent workers and outside service providers handle personal data properly, per the law and your policy. Be clear with your customers. Let them know what personal data you collect, store and process. Give them the means to exercise their rights. Demonstrate that your compliance programme is in place and being followed by keeping good records and evidence of compliance.

Sovy’s suite of tools, resources and educational services is designed to simplify GDPR and other compliance obligations. We guide businesses step by step and take the burden out of compliance. Our solutions are tailored for Small to Medium-Sized Enterprises. We’re affordable. And, for middle market and larger enterprises, Sovy Advisory Services draw from our team of veteran regulatory, risk and security experts to solve complex compliance problems.

Rely on Sovy. Trust the Owl to help you Get Ready, Get Compliant, and Stay Compliant with the GDPR.

People have the right to:

• Receive Plain Information Notices
• Give and Withdraw Consent, Opt-In/Out
• Restrict or Object to Data Processing
• Challenge Automated Decisions
• Object to Direct Marketing
• Request Access to Personal Data
• Rectify Inaccurate Personal Data
• Request Data Erasure “To Be Forgotten”
• Request Data Portability
• Complain to Businesses and Authorities

Businesses must:

• Comply with GDPR General Principles
• Follow a Data Handling Code of Practice
• Assess Data Privacy Impacts
• Assess and Change Data Handling
• Provide Information Notices Plainly
• Obtain and Manage Consent Opt-In/Out
• Operate with Legal Purpose and Accuracy
• Provide Transparency to Profiling Actions
• Process People’s Requests and Rights
• Provide Evidence and Record-keeping