We want to make it easy. We will summarise the GDPR, both feared and famous, so that you know what you and your clients (for whom you hold data) must take into account to achieve full GDPR compliance.
Let's not fool ourselves: since time immemorial, humans have sought to protect their own privacy. It is said that in 1879, the term “right to be left alone” began to be used. We would like to see the face of its inventor, though, upon learning that the entire context of social media has, in fact, made us go backwards. But we are not here to talk about anthropology, but rather about the GDPR and the key concepts that you and your clients should know.
Companies that have already complied had to do a lot of work in advance to comply with the GDPR, which came into full force last year. That is why we will review below the five words that can help guide you towards data legality and GDPR compliance.
Personal data
Come on, you already know this one. Even so, what is and is not personal data should be defined. Personal data is any information that identifies a person, directly or indirectly.
That is, everything that can allow you to be recognised or found is personal data. Your name, identifying documents, address, phone number, and even demographic or medical data are all personal data.
Consent
Maybe someday we will live in a world where the fact that consent is sacred will not have to be repeated in different areas, but for the moment we do not. Therefore, consent is one of the points on which the GDPR has put more emphasis.
Previously, a user could be taken to have accepted a clause unless they said otherwise. We could even find pre-marked boxes that we often forgot to uncheck, right? Well, this is something that can no longer happen. The express consent of the user is required for it to be legal to possess their data.
Penalties
You definitely know this word. But you may not be aware of exactly how much the penalties for non-compliance with the GDPR can amount to.
The established fines are common throughout the EU and can reach, if you have behaved very badly, 20 million euros or up to 4% of your company’s revenue, if the second amount is greater than the first.
Seeing these numbers, the best advice we can give you, as we always do, is to respect the regulations.
Supervisory authority
This concept is closely related to the previous one. A supervisory authority is an independent figure that is established by an EU member state and is responsible for ensuring GDPR compliance.
In each country, one or more supervisory authorities may be appointed. So, now you know that there is a keen eye keeping track of all data.
Data breach
A data breach is an unequivocal sign that something has gone wrong. It means that the imaginary fence that protects your clients’ data is not strong enough.
If you suffer one, the person responsible must notify the relevant supervisory authority within a maximum of 72 hours.
Would you like some more?
We hope we have helped you along the path to GDPR compliance by defining these five key concepts. But, above all, we hope to have made you want to delve deeper and find out everything related to the General Data Protection Regulation.