On May 25, 2018, GDPR brought in rules, regulations and financial penalties to ensure that the personal data of E.U. citizens and residents remains safe from cybercriminals.
Groups that breach this legislation can be sanctioned with fines of up to €20m or 4% of annual global revenue for the previous financial year – whichever figure is greater.
Rights assigned to individuals under GDPR legislation include:
- All people have the right to the security of the personal data that is held on them.
- Personal data like this must be processed fairly for the agreed purposes and on the basis of the consent of the person it relates to.
- People have the right to access data gathered in relation to them and, additionally, the right to have it corrected if there is a mistake or error.
- An independent body will manage the implementation and policing of these rules.
- All people have the right to access the personal data concerning them that is being held.
- Data like this should be processed fairly for specified purposes and on the basis of the consent of the person concerned, or some other legitimate basis laid down by law.
- An independent authority will be charged with policing compliance with these rules.
The rapid rise in the number of online hacking crimes has made securing personal data critically important. Cybercriminals will do all in their power to try to obtain private information such as names, identification numbers, geographic/location data, contact details, social security/welfare details, bank account numbers, identifying images, cookie identifiers, IP addresses and other online identifiers.
There have been a large number of well-publicized cybersecurity attacks and data breaches, such as the Marriott Hotels controversy, the Facebook Cambridge Analytica breach and the Equifax data violation. In addition to this, there have been even more data breaches on a much smaller, less well-publicized scale. Those responsible will face criminal convictions if they are apprehended, and those who did not make the personal data safe have been sanctioned with designated financial penalties.
Companies' GDPR Obligations
There are a variety of legal obligations on companies and organizations. They include:
- Implementing suitable processing systems for the data that they store or process.
- Employing data processors that are legally appropriate.
- Keeping records of processing activities.
- Ensuring that all data is always protected properly.
- Completing data impact assessments on a regular basis.
- Hiring a Data Protection Officer (DPO).
- Ensuring that all relevant codes of conduct and certification are complied with.
- Transferring data outside of the EU in a legal way.
Personal data is of the utmost importance and must always be kept safe and protected in the manner stated in GDPR legislation. Should this not be the case, there may be a massive personal cost to the individual affected and expensive financial sanctions taken against those who should have secured the personal data.