General Data protection Regulation (GDPR)
The new general regulations for privacy security enter into force as from May 25th 2018. This implies that from that date on the same Privacy security legislation will be effective in the European Union.
What are the changes resulting from the GDPR?
- Transparency and communication;
- Organisations no longer have to report the process of personal data at the authority for personal data, but are, instead, obligated to document the data;
- Organisation can be obligated to hold a privacy impact assessment(PIA) concerning the risks at processing the personal data;
- Organisations can be obligated to hire a data security officer.
For organisations this implies extra responsibilities:
- The digital transfer of personal data to third parties must be secured;
- The organisation has to have a data security policy;
- Responsibility for the chain of administrators;
- Documentation of all data leaks;
- Counselling of the authority personal data;
- Get distinct agreement of the person concerned. Distinct meaning that a vague agreement is not sufficient, the organisation has to be able to prove the consent;
- The right to destroy information;
- The right of complaint, especially against profiling;
- The right of repayment and liability.
The benefits of the GDPR for the organisation
From the moment that the general regulations for privacy security (GDPR) enters into force there will be only one privacy law in the EU, instead of 28 different national laws.
If your organisation is active in more than one EU country the GDPR offers some extra benefits:
- More legal security through distinctness concerning responsibilities within the EU;
- Level playing field for organisations within the EU;
- Working with a supervisor. The supervisor is expected to take an active role.
The correlation with the ISO/ IEC 27001 standard
Organisations that are certificated according to this norm will have to be able to prove according to chapter A.18 that they act on the effective laws and rules. This will be checked during the audit by means of control questions. The GDPR demands that personal data are secured through suitable technical and organisational measurements within the company.
Being or aiming to be compliant to the ISO/IEC 27001 norm, helps organisations structure and taking purposeful measurements for the protection of personal data.
What is the start date of the new GDPR?
On May 4th 2016 the GDPR was published in de the Publication letter of the European Union. 29 days after that the GDPR has become effective and will be legally binding as from May 25th 2018. This transition period is necessary in order to prepare companies and supervisors for the GDPR.
Want to find out where your company stands?
By means of a zero measurement relevant articles of the regulation will be examined carefully. Privacy risks that your company is currently taking will be shown and named. In short you will know where your company stands and what you will have to doe, the measurements that you will have to take, to meet the regulations demands. QMS International works with a number of auditors, who have profound knowledge of the ISO/IEC 27001 as well as the GDPR.
Are you interested in a zero measurement concerning the GDPR? Please contact us to discuss your possibilities and/or to receive a noncommittal quote.