How does the new RGPD affect my business?
On May 25, 2018, the new General Data Protection Regulation (RGPD) comes into force. It will affect all people and companies that collect data from users or customers located in the EU. This means that if you collect data from a person in Spain but your company is, for example, in America, you are bound by the new rules of the European Union (EU). Therefore, if you have customers or users within the EU, you should know a little more about it. Below we introduce its main changes and developments, and how they can affect you.
Express acceptance of data usage
The most significant change in the new RGPD is how consent to the use of data is given. Until now, user inaction or the use of pre-checked boxes by the company was enough. Starting on May 25, when the new RGPD comes into force, this will change. The use of user data will now have to be expressly accepted. This acceptance must be given through a specific action, with an option to approve or reject. Refusing such consent could result in the user being expelled from the page or the service being cancelled. This consent refers to sending communications and advertising. Collecting data for other purposes, such as billing or drafting contracts,
From now on, transparency in the collection and use of data will also be required. This transparency must specify what data is being collected and what use will be made of it. The specifications must be clear and precise, and use natural and understandable language. The explanations must include the purpose of the data and how long it will be kept in the company's database. In addition, the company must also offer users the ability to export their data and, under certain circumstances, to have it deleted.
That is, once the new RGPD comes into force, companies or individuals that collect user data are obliged to specify clearly why they are collecting this information and for what purpose. They must provide the explanations in an understandable way, leaving no room for free interpretation. In addition, users may request, if they wish, an export of their data. This data could be used not only to transfer it to another company, but also to improve the level of transparency. With this, users will know exactly what data the company holds about them. Companies will also be required to implement the right to be forgotten. This means that when the owner of the data requests it, the party responsible for the data must delete it.
Communication of security flaws
Another of the most important aspects the new RGPD incorporates is the mandatory disclosure of security breaches. If the database, for example, suffers a data breach, the data controller is obliged to notify those affected. This communication must indicate that the system has suffered a security breach and that user data has been compromised. The controller has a maximum of 72 hours from the time of detection to notify both the authorities and those affected. This will prevent a repeat of the Yahoo case of 2013, in which the company said that only a portion of the data had been stolen when in fact the data of all its users had been stolen, something it hid for two years.
Data processing of minors
The new European RGPD allows the use of data from a child who has reached 16 years of age. This use is permitted without the consent of the child's legal guardian. In addition, the new RGPD allows each EU country to choose whether to lower this age by up to 3 years. This means that in those countries that so choose, it will be legal to process data from children aged 13 and over without the express consent of the parents. In Spain this age has been fixed at 14 years, although lowering it to 13 is being studied. Companies or individuals wishing to process data from children below the established age will need the consent of the child's parents. In cases where the child has more than one parent or legal guardian, both parents or guardians must consent to the processing of the minor's data.
Want to know more about the new RGPD?
Interested in knowing more about the changes introduced by the new RGPD? SPG will offer courses to become certified in the new European General Data Protection Regulation. The course is aimed at those with or without previous knowledge of the LOPD who need to know and implement the new requirements of the RGPD and adapt them to their organization.
Available Modes: In company / Online