When it’s written in full, the meaning of the acronym GDPR becomes very clear – it’s the General Data Protection Regulation (EU Regulation 2016/679, “GDPR”). As a Regulation, the GDPR is directly applicable to all EU Member States.
It becomes fully effective on May 25th, 2018.
Infringement of its provisions is subject to very significant administrative fines: up to 20 million Euro, or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
What does the GDPR include?
As part of the requirements imposed, the GDPR establishes the accountability principle, which is crucial for the roles of Data Controller and Data Processor. This translates into the obligation for a company or an institution to justify, document and demonstrate the organizational measures they have undertaken, together with the techniques they have adopted in order to comply with the GDPR and protect personal data as a result.
The main actors are:
- The Data Controller.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- The Data Processor.
The natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.
- The Data Subject.
The identified or identifiable natural person to whom the data
As a service provider, Contactlab can be defined as a Data Processor. Considering that the services we provide take into account the rules and principles of privacy by design, Contactlab can make a valuable contribution towards helping the Data Controller respect and comply with the accountability principle.
How Contactlab can contribute with respect to GDPR obligations
The main GDPR obligations that companies and institutions must respect include:
- Principles relating to processing of personal data, related to lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality and accountability, pursuant to Article 5 GDPR.
- The rights of the Data Subject, included in Articles 12 to 23.
- The precise and specific identification by the data controller of the obligations, responsibilities and tasks to be undertaken by data processors, through contracts, or other legally binding acts.
- The maintenance, as a controller or a controller’s representative, of records of processing activities.
- Notification to the supervisory authorities of any personal data breach and, where appropriate, to the data subject, together with the maintenance of a register of all data breaches.
- The adoption of adequate technical and organizational security measures, according to the envisaged data and rights risks, carrying out, if appropriate, a Data Protection Impact Assessment (DPIA) prior to the processing.
Contactlab can help the Data Controller with:
- The collection of explicit consent from data subjects, including privacy policies and consent requests;
- Effective management of Data Subject rights requests;
- Managing the tracking and storage of all consents, and of the exercise of Data Subject rights, in the Database.
How to start? The first steps…
Contactlab makes a team of experts available, who can help companies to:
- Identify the processing of personal data carried out by, or on behalf of, the data controller.
- Identify the systems that are used for processing activity.
- Understand operational areas and how the Contactlab platform can support the company with personal data management.
Contact Contactlab Customer Service for further information and to find out what we can do together, so that on May 25th 2018 we will be ready.