The proper treatment of user and customer information by companies is a topic of the day, all the more so after the creator of Facebook appeared before the US Congress on April 10, admitting that the personal data of 87 million users of the social network were sold without the consent of the users themselves.
In this regard, the European Union has launched the General Data Protection Regulation (GDPR), a stricter regulation on the privacy of user and client information whose implementation deadline is tomorrow, May 25. But what does this mean for companies that handle customer data? Am I still in time to adapt my company to the new regulation?
At PaynoPain we have decided to publish this short tutorial to help companies that are lagging behind understand the key points of the new data protection regulation and update quickly to avoid being penalized.
WHAT IS THE NEW REGULATION BASED ON?
The General Data Protection Regulation, as the name itself indicates, is a new data protection law of the European Union. This regulation grants users greater control of their personal data and obliges companies and organizations to ensure that such information is collected, processed and stored in a secure manner. For the European Union, this law is meant to change the way companies think about user information, based on the maxim that privacy is a right.
WHOM DOES THIS REGULATION AFFECT?
Any company or organization that owns or uses user data within the framework of the European Union.
WHERE DO I BEGIN, WHAT SHOULD I DO?
First of all, we must know what data we have and where they circulate, both inside and outside the organization. It is both worthwhile and important to start a data audit to identify the data and then classify them based on certain parameters.
The GDPR is based on the previous European data protection regulation, so if that regulation was complied with, we will already have a large part of the work done. This will penalize companies that did not attach importance to data regulation, as they will have to work twice as hard to adapt to the new law.
DON'T PANIC, HERE IS SOME HELP …
The Spanish Agency for Data Protection provides a tool for companies whose handling of information and personal data involves, a priori, a low level of risk, such as the contact and billing data of the customers and suppliers of an SME, or the processing of employee data in order to maintain the employment relationship.
Through this simple step-by-step online survey, in which we are asked about the activity of our company and the way in which we process the data, the Spanish Agency for Data Protection provides us with a report containing the informative clauses to be included in information request forms, the document to be attached to each contract for the provision of services, the record of processing activities, and an annex with recommendations on security measures and on the processing of personal data captured by video-surveillance cameras. Everything presented in the report complies with the new data protection regulation and is ready to be implemented by our company.