New mandatory regulations on the protection of personal data?
Published on 13/01/2017 in Innovate
It's a done deal: the new European regulation on personal data has been adopted by the European Parliament. Why did Europe consider this law so important? And above all, what are the consequences for your company? It is high time for some clarification.
In the past twenty years, technology has developed at record speed. The internet has become omnipresent, social media have claimed their place and big data has become big business. And the legislation? It has lagged further and further behind.
New times, new laws
In April 2016, the European Parliament adopted the General Data Protection Regulation (GDPR). Companies have until 25 May 2018, when the regulation becomes applicable, to take the necessary measures. Because it is a 'regulation' rather than a directive, it applies directly in every EU member state without first having to be transposed into national law. Nor does it affect only European companies: it also applies to any company or organization outside the EU that offers goods or services to people in the EU or monitors their behaviour, and thereby processes their personal data. Infringements can be punished with administrative fines of up to four per cent of worldwide annual turnover or EUR 20 million, whichever is higher.
What does the new law require of your company?
The regulation broadens the definition of personal data: any information relating to an identified or identifiable person, including identifiers such as genetic data, online identifiers and location data, and factors specific to a person's physical, mental, economic, cultural or social identity. In practice this means that if you keep any records about your customers, suppliers, employees, etc., you fall under the regulation. So even an accountant, or the baker on the corner who lets you order bread through a webshop, will be subject to these rules.
From 25 May 2018, companies that process personal data must appoint a data protection officer if their core activities involve regular and systematic large-scale monitoring of individuals or large-scale processing of special categories of data (public authorities must appoint one in any case), and must carry out a data protection impact assessment before starting any processing that is likely to result in a high risk to individuals. A personal data breach must be reported to the supervisory authority within 72 hours of the company becoming aware of it, unless the breach is unlikely to result in a risk to the people concerned; where that risk is high, the people concerned must be informed as well. Processors, not only the controllers that engage them, now have direct obligations for the security of the personal data they handle. This has sizable consequences for both infrastructure and organization. Individuals can ask a company what data it holds about them, and the company must disclose this transparently, as a rule within one month.
Companies that work together and exchange personal data about people in the EU each have to comply with these rules. In addition, every company not only has to be able to detect data breaches and security incidents itself, but also to respond to them correctly: the leak must be contained, an investigation launched and evidence collected and documented, since the regulation requires the facts of a breach, its effects and the remedial action taken to be recorded so that the supervisory authority can verify compliance. You also have to be able to demonstrate that you have taken appropriate technical and organizational measures to protect the personal data of your customers, suppliers, employees, etc. Logs and records from before the incident therefore have to be retained and retrievable, so that the breach can be reconstructed.
What can you do?
Proximus guides you through this process with insight and solutions.
- Screening and monitoring of your security measures
- Storage and backup of your data in our secured data centers
- Identification of weak spots in your network and on your websites
- Proximus Secure Internet, a latest-generation firewall that we manage for you
- Protection of all data on your smartphones and other connected devices
- Secure management of company data, apps, usage rules and back-end systems on all devices from a single platform
Contact your account manager or contact us via email@example.com