Data Protection and GDPR Solicitors
Any company that offers goods or services in the European Union (EU), regardless of its size, must comply with the GDPR. Charities and nonprofit entities that collect information from people in the EU must also adhere to the GDPR. Businesses considering expanding into the EU are also required to comply, even before business operations begin.
Key Elements Of Data Protection
Some of the key elements affecting businesses include consent and accountability, notification of a data breach and the right to be forgotten. Since 1995, the EU has been regulating the transfer of data, but the GDPR has tightened regulations by expanding the types of data defined as “sensitive,” requiring even more protection. In addition, the GDPR now addresses the “pseudonymisation” or depersonalization of data and defines how that must occur in order to avoid liability.
Businesses must be transparent about how they collect personal data, how they use that data and whether they need to obtain consent to use their consumers’ data. Individuals also have the right to withdraw their consent at any time. In addition, separate and specific consent must be obtained for each different action for which a company wants to use an individual’s data, including sharing data with third parties.
Any data collected by a business must have a time-stamped audit trail and include what the individual opted into and how. Third-party vendors or service providers that access a company’s data must also adhere to the new regulations, with written contracts between the parties.
Security Under GDPR
Security is essential under the GDPR, as it was under the prior data privacy paradigm. Controllers of data must put appropriate security measures in place to protect the data they hold. If personal data is breached, businesses are required to notify their National Supervisory Authority within 72 hours of when the business becomes aware of it.
For customers and clients, the GDPR is a way for consumers to maintain more control over their personal data. It gives them the right to know whether, where and why their personal data is being used.
Businesses must comply with requests from consumers who want their personal data permanently erased (also known as the “right to be forgotten”) and stopped from being disseminated further. Consumers can object to their data being used for marketing purposes.
Businesses must restrict the information they collect to the least that is required to achieve their business goals. They must also dispose of outdated information.
Business owners should contact a Tully Rinckey Ireland Solicitor for further explanation and to ensure GDPR compliance.