The new General Data Protection Regulation (Regulation 2016/679) is intended to reinforce and unify the data protection of individuals in the EU. Its main objective is to give control to citizens or residents in regards to their personal data, and to simplify the regulatory environment for international business by unifying the EU regulation.
This regulation substitutes the 1995 Data Protection Directive (Directive 95/46/CE). It goes into effect on 25 May 2018, it puts to the test all companies including foreign ones that process data of EU residents. Failure to comply with GDPR leads to direct exposure to several sanctions of up to 4% of the annual global volume of the business. Furthermore, the member states will have the possibility of establishing penal sanctions for infractions of the regulation including breaches of national regulations adopted in accordance with it and within its limits.
Wider definition of personal data
The definition of personal data now covers a series of areas, among them the common personal details, as well as other elements such as photography and social content. Furthermore, there are new challenges regarding citizens’ right to be forgotten and the right to access data. Also, there is a need for new elements, such as explicit consent for the collection of data and its use.
Updates to LOPD
On 10 November 2017 the Spanish government approved the new proposal for the Organic Law on Data Protection (LOPD). The update to LOPD makes it a more dynamic since it no longer focuses on the structure of files, rather the flow of personal data that must be protected.
This new norm incorporates among others: widens ARCO (access, rectification, cancelation, and opposition) rights, strengthens the figure of DPO (deputy protection officer), or the definitive exclusion of “tacit consent”.
To prepare your business and shield security in light of GDPR and the new LOPD, Branddocs has created an integral solution that meets all the aspects of collection, management, and custody: Truscloud GDPR.