Are you autonomous or SME and are you in contact with personal data? In Verum Management we remind you that the next day May 25 ends the deadline for adapting to the General Data Protection Regulation (RGPD). As of that date, the EU 2016/679 Regulations and the General Data Protection Regulation of the European Union (GDPR) will enter into force.
companies, self -employed, societies, administrations, associations … All those entities that deal with personal data must be updated based on the new RGPD. In fact, there has been a period of two years to be able to adapt to the new regulation, whose term ends on May 25.
change to the new RGPD
On May 25, 2016, this General Data Protection Regulation (GDPR) entered into force, and will begin to be applied two years later, that is, on May 25, 2018.
This legislation will allow a greater degree of control over the data of the users themselves. Likewise, the main objective of this legislation is harmonizing legislation in EU countries .
most important changes
The most important changes that will exist with the new General Data Protection Regulation are the following:
- more user data information
Companies must expand the information to those interested in reference to the treatment they make of their data, as well as the rights they have about them.
- Recognition of the right of oblivion and right to portability
Among the rights that this new regulation reflects, is the right of oblivion, which allows the user to request that their data be eliminated once they are not necessary for the company. In turn, the right to portability allows you to recover the data in a format to transfer it in another person and facilitate a change of supplier.
- tacit consent will not be allowed
Companies must review the clauses and contracts, since with the new RGPD tacit consent is not allowed. In this way, consent must be clear and distinguishable from other issues.
- Data Protection Delegate
The new General Data Protection Regulation (RGPD) demands the figure of the Data Protection Delegate (Data Protection Office). Its function will be to identify the risks in data protection, and the action protocols to correct them.
- 72 hours to communicate security gaps
Companies must inform within 72 hours if they have suffered a security incident. Likewise, it should not only do it to the data protection agency, but also to those users who have seen their personal data compromised.
Our technical team can help you adapt your company to the new General Data Protection Regulation. Consult in info@verumasesores.com