The 1995 Data Protection Regulation was completely outdated given today's technology and the internet, so in April 2016 the European Parliament refreshed data protection with the GDPR (General Data Protection Regulation).
The regulation requires businesses to ensure the protection of the personal data and privacy of EU citizens for transactions that occur within European Union member states.
The regulation also covers the export of data outside the EU.
Businesses that store or process any personal information about European Union citizens within the EU states have to comply with GDPR.
Below is a list of the privacy data that is protected under the GDPR:
Your 12 Step Plan:
The GDPR calls for the mandatory appointment of a Data Protection Officer (DPO) for businesses that process or store large amounts of personal data; this includes the data of both employees and individuals outside the organisation.
DPOs must be “appointed for all public authorities, and where the core activities of the controller or the processor involve ‘regular and systematic monitoring of data subjects on a large scale’ or where the entity conducts large-scale processing of ‘special categories of personal data,’ like that which details race or ethnicity or religious beliefs.”
Handy, useful and actionable resources to help ensure your business is GDPR compliant in time.