Published on 08/11/2016 in Solutions & services
In April this year, the European Parliament approved the General Data Protection Regulation (GDPR). Every company now has just under two years in which to take the necessary measures before this legislation comes into force on 25 May 2018. The fact that this is a real regulation means that the law will take effect immediately in every European member state. It covers all companies or organizations that deal with customer data from European citizens. Anyone who infringes the law risks fines that may amount to 4% of their global annual turnover or €20 million.
Genetic, social, cultural, mental and economic details are now also considered personal data. Basically, this means that if you keep anything about your customers on file, you will fall under this regulation. So even an accountant or the baker on the corner will be subject to these rules. As of 25 May 2018, all companies that process personal data will have to appoint a data protection officer and carry out data protection impact assessments for projects with high privacy risks. Data leaks will have to be reported within 72 hours. Data processors can be held directly responsible for the security of personal data. This has sizable consequences in terms of both infrastructure and organization. Customers can ask a company what data are stored. The company has to disclose this transparently.
Companies that work together and exchange data about European citizens will both have to comply with this regulation. In addition, every company not only has to be able to detect data leaks and security incidents itself, but also has to respond correctly to them immediately: the leak must be sealed, an investigation must be launched and legal proof must be collected. You also have to prove that you have taken minimum protective measures for your customer data. All customer data from before the incident has to be stored and must be retrievable.
As finding suitable data security candidates is already a complex undertaking, and as this new law will make the search even more difficult, you can opt for a Proximus data protection officer. What is more, with our experienced Cyber Security Incident Response Team we are able to manage your security services from a distance, fully in line with the new legislation. Company information can be accessed from any smartphone. This is why Proximus offers you several solutions to keep your data safe. These are some of the services that we can offer you in order to comply with the new legislation.