The European Union’s new General Data Protection Regulation (GDPR), which raises the standards for companies to protect individuals’ personal information online, goes into effect on Friday, May 25. The EU Parliament passed the GDPR privacy standards bill in April 2016 after more than three years of negotiations and gave companies two years to get into compliance before it starts enforcing the law. European boards will be under pressure this month to make the changes this new law requires. In order to achieve compliance, companies will need to create a new framework for decision making, and the implementation of a board portal is crucial. Board portals, like Govenda, allow directors to quickly achieve their goals in an efficient and secure manner. Govenda, trusted by companies worldwide, will help companies manage the GDPR mandates, save time and money, and enhance board governance.
Defending the Privacy of EU Citizens
One of the biggest changes of the GDPR privacy standards is that the regulations defend the privacy of citizens of the 28 EU member countries as they conduct business within those borders, regardless of where the company they’re interacting with is located. In other words, even US-based companies that do not have a physical presence in the EU, but do target EU consumers and store their personal data, can be penalized for not complying. Another major change the GDPR privacy standards mandate is that the regulations expand the definition of what constitutes “personal data” that must be protected. It is not limited to financial transactions. “Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person” qualifies as personal data, according to the GDPR’s Frequently Asked Questions page. “It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”
The EU lists six key rights that EU citizens will gain:
- Breach notification: Data subjects whose personal data is compromised in a way that risks their “rights and freedoms” must be informed within 72 hours of the data processor discovering the breach.
- Right to access: EU citizens can ask whether and where their data is being processed and how it is being used, and receive that data for free.
- Right to be forgotten or data erasure: If the data is no longer relevant to its original purpose or the user withdraws his or her consent to use it, he or she can ask the processor to delete it and quit processing it.
- Data portability: A subject can ask that his or her data be transferred to a different data controller. This right allows subjects to benefit from the value of their personal data and requires data processors and controllers to keep data in a commonly used format so it can be transmitted to others.
- Privacy by design: The requirements of GDPR must be implemented as a system is being designed rather than added on later and should allow for controllers to hold only the minimum necessary personal data.
- Data protection officers (DPO): Data processors and controllers whose activities require regular monitoring of EU citizens on a large scale must hire a DPO internally or as an outside contractor to maintain internal records.
Preparing for GDPR with Board Portal Software
The UK Information Commissioner’s Office (ICO), which is responsible for implementing GDPR in the UK, has provided extensive guidance for complying with GDPR privacy standards. ICO offers a 12-step process for implementing the new laws with security concerns at the forefront. Specifically, companies will need to organize an information audit to document what personal data they hold and who it is shared with, how personal data is deleted, and proper procedures in case of a data breach. ICO also suggests that boards designate a Data Protection Officer to “take responsibility for data protection compliance and assess where this role will sit within the organization’s structure and governance arrangements.”
Implementing a secure board portal software like Govenda will greatly mitigate risk when making the change to the GDPR privacy standards. Govenda offers a common secure platform for all documents, laws, regulations, data, and information. It is also easy to manage the new committees, which will be critical for GDPR privacy standards compliance. Onboarding Data Protection Officers is easy with our excellent customer care team and easy-to-use app.