The General Data Protection Regulation (GDPR) is an European law designed to strengthen the data rights of the residents of the European Union (EU) and harmonizes the data protection laws across all member states. Making it identical in this way and bringing more transparency to the people about what data organizations collect and what purposes they use it for.
Fundamentally, data plays a important role in almost all aspects of our lives. Your name, (email)address, credit card number and more are collected, analyzed or stored by organizations. Under the new GDPR terms, organizations will have to ensure that all these personal data is gathered legally and under strict conditions and that those who collect and manage the data are obliged to protect it from misuse and exploitation.
Controllers and processors
According to the GDPR organizations need to understand the difference between data controllers and data processors. The data controller determines the purposes for which and the means by which personal data is processed and therefore decides ‘why’ and ‘how’ the personal data should be processed. The data processor is normally a third external party and processes personal data on behalf of the controller. The duties of the processor towards the controller should be specified in a contract: the so called data processing agreement.
The GDPR introduces the requirement for a personal data breach to be notified to the national supervisory authority. Although you may have taken every step necessary to minimalize risk, breaches are unfortunately never hundred percent preventable. Controllers and processors are therefore encouraged to plan ahead to be able to detect and immediately end a breach and to determine whether it is necessary to notify the competent supervisory authority and the individuals involved.
Failure to comply with the requirements of the GDPR can lead to high fines. To prevent that from happening Kiwa can help organizations in information and privacy security, with assessments, audits and certifications.
Would you like to be able to demonstrate that your organisation is in control when it comes to the protection of privacy-sensitive information? Have your privacy and data security checked by our experienced auditors and receive a GDPR certificate.Show
Kiwa's free GDPR Self-assessment helps you get a free indication of how your organisation is doing in the GDPR area. Based on 13 questions you will receive an initial indication, an explanation of the GDPR situation within your organisation and an advice.Show