GDPR EU 2016-679 Data Privacy Regulation will come into force next month having some important key pillars.
If you have customers residing in the European Union you’re subjected to GDPR and you must adapt your processes and systems to that new law: this applies also to Companies that are outside EU.
As I said, there are few key pillars that “GDPR EU 2016-679 Data Privacy Regulation” introduces:
– “Right to be forgotten“: the user have the right to ask for its data cancellation from your system. This means that you have to completely remove everything that is related to his person, his account, etc. Pay attention that GDPR prescribes a deadline of 30 days since the request is received: within that period you can request to the customer an extension (30 days) beyond which you’ll be actionable
– 72 hours for data breach reporting: in case of data breach you have no more than 72h properly inform your customer(s) and the National Data Protection Authority.
– More granularity for consumer consents: each of them (if many) must be explicit (the user must accept or refuse) even if mandatory. A mandatory consent is the one without which is you cannot provide services or goods to your customers (you’ll not be able to manage personal data). An optional consent is the one wich may be refused by the individual without prejudice to service or goods provisioning (e.g. marketing emails)
– PDPA
– DPO for big Companies
It does affect data of individuals but not only for EU Companies: each business that is based outside EU and have EU citizens as customers must be compliant.
Did you know that?
Read the article ==> Yes, The GDPR Will Affect Your U.S.-Based Business