The introduction of the General Data Protection Regulation (GDPR) in the European Union (EU) in 2018 was another reminder to everyone of the importance of safeguarding personal data, given a cyberattack epidemic that shows no sign of easing.
The EU recognized the need to strengthen data privacy legislation. As a result, companies, groups and individuals were given a legal responsibility to do as much as possible to keep private and personal data secure.
GDPR sets out rules, regulations and fines intended to ensure that the personal data of EU citizens and residents remains protected from threats at all times. Businesses and groups that breach this legislation can face fines as high as €20m or 4% of annual worldwide revenue for the previous financial year, whichever figure is greater.
GDPR also assigned specific rights to individuals as listed below:
- Every person has the right to the protection of personal data that relates to them.
- Such data must be processed fairly, for the stated purposes, and on the basis of the consent of the person it relates to or some other legitimate basis included in relevant legislation.
- People have the right to access data that has been gathered about them, and the right to have any mistakes corrected.
- An independent body will oversee the implementation and policing of these rules and regulations.
The increase in cybersecurity crime has made safeguarding personal data hugely important. Cybercriminals will do all in their power to obtain private information, including names, identification numbers, geographic/location data, contact details, social security/welfare details, bank account numbers, identifying images, cookie identifiers, IP addresses and other online identifiers.
As well as the well-publicised cybersecurity attacks and data breaches involving Marriott Hotels, Cambridge Analytica and Equifax in the USA, there are many more data breaches that take place on a much smaller, less well-known scale. The parties who commit cybersecurity crimes face criminal convictions if they are apprehended. Those found to have failed to keep personal data safe have been sanctioned with designated penalties.
Obligations on Businesses/Groups under GDPR
There are a number of legal obligations on businesses and groups under GDPR, including:
- The creation of adequate processing systems for data management.
- Using data processors that are legally compliant.
- Handling and keeping records of processing activities.
- Securing all data from possible breaches and capture by unauthorized people.
- Constant data impact assessments.
- Designating a Data Protection Officer (DPO).
- Compliance with codes of conduct and certification.
- Management of legal transfer of data outside of the EU.
Personal data is important and should be secured in a manner that is compliant with GDPR. If companies or businesses fail to do this, they may face costly financial sanctions.