The General Data Protection Regulation (GDPR) is a regulation that was agreed upon by the European Parliament and Council in April 2016 [Regulation (EU) 2016/679] and is meant to replace the Data Protection Directive of 1995 [Directive 95/46/EC], which was enacted to regulate how companies should protect the personal data of EU citizens.
GDPR differs substantially from its predecessor, Directive 95/46/EC. Unlike a directive, GDPR is a regulation: it does not require national governments to pass any enabling legislation and is therefore directly binding and applicable in all EU member states. Since GDPR takes effect on May 25, 2018, all EU-based companies that are already in compliance with the current directive must prepare accordingly so that they also meet the requirements of the new regulation.
GDPR's scope is not limited to the EU; it also covers foreign companies that process the data of EU residents. These could be, for instance, American or Canadian companies engaged in such business.
The following are some of the key requirements of the General Data Protection Regulation (GDPR):
- Sending notifications of data breach incidents
- Obtaining the consent of the subjects for data processing
- Ensuring anonymity in data collection for privacy
- Ensuring safety in the transfer of data across borders
- Providing a single set of rules and a one-stop shop
- Requiring certain companies to appoint a data protection officer (DPO) to oversee compliance
There are 11 Chapters and 99 Articles under the General Data Protection Regulation. Let us discuss some of the important articles below:
Article 31 provides guidance on individual data breaches and specifies which Supervising Authorities (SAs) must be informed of a breach within 72 hours of the organisation learning of it. The SAs must also be provided with details such as the nature of the breach and the approximate number of data subjects affected by it.
Article 32, on the other hand, concerns the rights and freedoms of the data subjects. It requires data controllers to inform the data subjects as soon as possible when a breach puts their rights and freedoms at high risk.
Article 45 discusses what international companies or third countries need to comply with, and what the Commission takes into account when assessing the adequacy of the level of protection in a specific geographic area.
GDPR and Cloud Backup
A cloud-based disaster management system can play a pivotal role in preparing your business for GDPR compliance and minimising the risk of liability. Here are some ways you could minimise your risk:
- Cloud backup is a proven technology and the best chance of fighting and preventing data breaches;
- A secure cloud backup will ensure that your customer records are safe from all kinds of cyber-attacks and natural disasters;
- Recovery of corrupt or lost data is faster and safer with cloud backup technology;
- Cloud backup and online storage service providers offer highly skilled and experienced staff that you can count on with your company data.
Understanding what exactly GDPR constitutes is enough for any company to realise the importance of data protection today. Once the regulation is successfully implemented on May 25, 2018, there won’t be any margin for error.
GDPR makes it easier for non-European companies to comply with the regulations without ambiguity. All of the Articles are clearly written, without any grey areas. Compared to the previous 1995 Data Protection Directive, GDPR comes with more serious repercussions and higher penalties. This is mainly because GDPR applies to all companies that handle the personal data of EU citizens. Depending on the nature of the non-compliance, infringements could result in fines of €10,000,000 to €20,000,000, or from 2 % to 4 % of the total worldwide annual turnover (revenue) of the preceding financial year, whichever is higher. These are substantial fines that companies must strive to avoid.
Since new-age threats like ransomware are becoming prevalent, implementing a cloud backup solution is a no-brainer. Datastring urges you to be a responsible business and take action sooner rather than later to comply with GDPR.
Please contact us with your GDPR needs today.
IE: 016 994 294
UK: 0203 034 0523
USA: 716 242 7138