Did you know that the General Data Protection Regulation (GDPR) is based on 7 principles?
The GDPR was adopted by the EU Parliament in April 2016. It is a legal framework that sets guidelines for the collection and use of personal information of European Union citizens. This regulation does not apply to European businesses only, but to all businesses that deal with the personal data of European citizens.
For example: ZYX is a company incorporated in Mauritius and sells garments to clients living in Europe via its website. The company has the obligation to follow the GDPR guidelines; otherwise it may be sued for non-compliance with the regulation. The company might incur a fine of 20,000 Euros or up to 4% of the annual turnover of the company!
Since 25 May 2018, all organisations dealing with EU citizens must follow the regulations set by the GDPR, which is based on 7 principles:
Lawfulness, fairness and transparency.
Personal information should be collected in a lawful manner, used fairly and only as intended, and handled in a transparent manner (the data subject is informed of the purpose of the collection, how long the data will be stored, etc.).
Purpose limitation.
Information collected should be for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This principle is related to fairness and transparency.
Data minimisation.
The collection of personal data should be adequate, relevant and limited to what is necessary in relation to the purposes for which the data are processed. Collecting other data that is not relevant to the purpose of the collection is a breach of this principle.
Accuracy.
Collected data should be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Storage limitation.
Information should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
Integrity and confidentiality (security).
Personal data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').
Accountability.
This means that businesses are responsible for compliance with the principles of the GDPR. Any organisation doing business with EU citizens should have a written document describing its data collection and processing. This document should be submitted if requested.
Not complying with the requirements of the GDPR puts your business at risk of paying hefty fines, but a data breach has a massive impact on your organisation's reputation, which can be extremely difficult to manage.
If you would like to assess your risks with regard to the GDPR and ensure that you are adequately protected from data breaches and potential fines, please contact us now on …