The most important changes and what you can do to avoid steep fines.
The new EU regulations covering personal information handling will come into effect in a year's time. It will be relevant for everyone handling information about EU and EEA citizens. What are the most important points?
The Most Important Points that could Affect You and Your Website
- Businesses handling personal information must be able to document why, how, what information is handled.
- All businesses and organizations must define a person responsible for personal information management. This person will have more responsibilities and duties than before.
- Personal information leaks must be reported to the Data Protection Authority and the people involved must be informed.
- It will be easier to request that information is deleted, unless there are legal reasons why the record should be kept.
- The EU member countries will be entitled to give fines or administrative sanctions. The fines can be as large as 4% of the revenue, but max €20 million.
How do I Prepare and Avoid Fines?
- Audit your company's handling of personal information. What information is being handled by you and how do you manage it? Why do you need the information?
- Assign a person responsible for information security, preferably with knowledge of law and computing.
- Study how you tell people about your handling and storage of personal information. Are you sufficiently clear? Do you state how and why the information is stored?
- Define and document routines and means to delete personal information. How do you move data securely? Analyze the risks involved and look at what routines are in place for reporting data intrusion to the authorities.
- Request help from IT and law firms during the process. Many are already working with clients to assist with planning and education.
What is The Status in My Country?
Contact your website provider or legal council, or search your government's website for terms like "GDPR" and "Regulation 2016/679 of the European Parliament".