The GDPR is the new European data protection regulation, which will come into force in May 2018.
The objective pursued by the GDPR is to ensure that data protection is one of the main priorities of organizations. Therefore, this regulation has a significant impact for all entities and the way in which they access, store, process, transfer and disclose user data.
Is your company prepared for the new privacy principles and consumer rights? Here we present them:
Privacy principles: GDPR
- Processing lawfulness and transparency
Companies and organizations must guarantee that there are legitimate reasons to collect and use personal data. GDPR requires consent to be clear, specific, detailed, and not freely given. Furthermore, the organization should be able to demonstrate at any time when and how the customer gave their consent.
- Cross-border data transfer
When personal data is transferred to another country or organization that is not recognized as providing the required level of data protection, the transferring organization must ensure that the external recipient has indeed implemented the required protective measures, or that the individual has given explicit consent to the transfer.
- Evaluation of the impact of data protection
The new regulation recommends that all organizations carry out an assessment of the impact of their processing on data protection. The nature of the processing, especially when new technologies are adopted, should be taken into account.
- Faithfulness and accuracy
Personal data obtained from individuals must be kept faithful and accurate. It is therefore important for the portal to be maintained and user-friendly, so that users are able to complete, update or edit their personal data whenever necessary and in a simple manner.
- Data Protection Officer (DPO)
The significant volume of personal data processed by organizations requires a role that acts as the point of contact for individuals and supervisory authorities in the event of any problem with the protection of personal data. The DPO can also advise organizations on the measures and policies to implement in order to protect the personal information and data of individuals.
- Limited purpose
Data processing must be strictly limited to the purposes for which the customer gave consent.
- Data minimization
Only the personal data required for the purpose of the process may be collected and stored.
- Right to be informed
Every individual must be clearly informed by the organization about each processing activity, including the name and contact details of the organization, the purpose and legal basis for the processing, and the period for which the individual's data will be stored. Transparency is paramount across all data processing activities, so that the individual is aware of every one of them.
- Right to access and amend
The organization must give users access to the processing of their data so that they can verify which data has been processed, for what purpose… If any data is incorrect, individuals must be able to correct it easily.
- Right to be forgotten
Every individual has the right to request that an organization immediately delete their personal data.
- Right to restrict data processing
A user may request that an organization restrict the processing of their personal information. In this case, even if the organization is still able to store the individual's data, processing is limited to what the individual has requested.
- Right to object
Individuals have the right to object in relation to the processing of their data.
- Right to data portability
The user has the right to request from an organization a copy of the information stored about them, as well as to request that this data be transferred to another organization. The data must be provided in a structured, commonly used, machine-readable format.
Despite widespread awareness of the importance of adapting their systems to the GDPR, a very high number of European companies are not yet prepared for this new regulation.
To face this situation, WSO2 Identity & Access Management may be all you need to adapt your IT systems to the GDPR. Without a doubt it’s the fastest, safest and easiest way to face the strict regulation!
If you want to know more about the GDPR, or need assistance on how to implement WSO2 Identity & Access Management in your organization, contact us; our experts will answer all your questions.