Subscribe to our Weekly Newsletter
You will receive relevant news & insights once a week
You can unsubscribe anytime
Please confirm your subscription via email
If you haven't received the confirmation email, please check your spam folder
🇪🇺 EU Policies
The European Union General Data Protection Regulation (GDPR) is a set of rules about how companies should process the personal data of data subjects.
GDPR lays out responsibilities for organisations to ensure the privacy and protection of personal data, provides data subjects with certain rights, and assigns powers to regulators to ask for demonstrations of accountability or even impose fines in cases where an organisation is not complying with GDPR requirements.
Understanding GDPR requirements can sometimes be a daunting task. Here are some key requirements:
The companies that process personal data are asked to process the personal data in a lawful, fair and transparent manner. Now, what does this mean?
Let’s understand this:
The companies are expected to limit the processing, collect only that data which is necessary, and not keep personal data once the processing purpose is completed.
This would effectively bring the following requirements:
The data subjects have been assigned the right to ask the company what information it has about them, and what the company does with this information.
In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data.
Companies should incorporate organisational and technical mechanisms to protect personal data in the design of new systems and processes; that is, privacy and protection aspects should be ensured by default.
The controller of personal data has the accountability to ensure that personal data is protected and GDPR requirements respected, even if processing is being done by a third party.
This means controllers have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company, to a third party and / or other entity within the same company.
When there is significant processing of personal data in an organisation, the organisation should assign a Data Protection Officer.
When assigned, the Data Protection Officer would have the responsibility of advising the company about compliance with EU GDPR requirements.