How GDPR Affects Business
GDPR (General Data Protection Regulation) is new EU legislation on data protection that will replace the existing data protection regulation of the EU. This regulation will be implemented by each state in the European Union. It is expected to have a broad range of ramifications for enterprise companies across the EU.
GDPR – Key Questions Answered
Can Data leave the EU?
The physical location of data remains a controversial issue. The EU clearly states that you are allowed to physically move the personal information of EU citizens out of the union if the country in question has the same levels of data protection. However, the Safe Harbor was deemed invalid by a court case in Ireland back in 2016 on account of the US Patriot Act, which applied once the information arrived in the US, making the information less secure for EU citizens. By the fall of 2016, the EU and the US had devised a fresh agreement called Privacy Shield. Even with this new agreement, the issue of moving data out of the EU still lingers. GDPR plans to introduce a much higher degree of data security. However, there is still some doubt about how much data can be moved out of the EU.
What are the New Regulations for Data Management?
GDPR will also introduce strict regulations covering data storage, data backup, and data management. GDPR has broadened the definition of ‘personal data’. You should be able to flag data that can be used, alone or combined with other data, to identify an individual. If the information you possess can identify an individual, then under GDPR that individual has the right to ask you to delete it.
GDPR has also tightened up regulations around consent. Consent was already required to collect data; under GDPR, however, you must also show that you have properly explained what the information is being used for, and that controls are in place so that the information is used only for the stated purpose. This is expected to bring a higher degree of discipline to data management.
GDPR also asks you to store data only for as long as you need it. The individual has the ‘right to be forgotten’, meaning that the individual's data must be completely erased if they ask. The new legislation will put regulations in place to erase data after a certain period of time. GDPR makes no exception for data stored before the legislation, and it introduces the concept that personal information is not handed over to you; it is loaned to you.
Will this Affect HR Data?
Yes, it will. It will also affect the terms and conditions of employment.
What about Data Breach, Data Security, Security Management?