<\/span>Stricter obligations for data controllers<\/span><\/h2>\nData controllers and their subcontractors must comply with increasingly strict obligations. In everything they do, they must always endeavor to take the issue of data security<\/b> into account, limiting the collected data to a minimum. In addition, they must also take every possible technical and organizational measure<\/b>, ensuring it is adapted to the nature and risks associated with the processed data. <\/p>\n
Organizations that typically process large amounts of data (such as polling organizations) will be required to appoint a data protection officer<\/b> (DPO). Finally, data controllers must also communicate any security breaches<\/b> to the authorities, to their customers and to the people whose data they process.<\/p>\n
![\"data-protection-officer\"](\"https:\/\/www.emailvendorselection.com\/wp-content\/uploads\/data-protection-officer.jpg\")
<\/p>\n
Data transfers<\/b> to countries with different levels of protection must be strictly limited to specific cases. Last year, for example, the European Court of Justice declared the Safe Harbor framework invalid, causing quite a shockwave. Things will probably be no different for Safe Harbor\u2019s replacement, namely the Privacy Shield agreement, that will exist alongside the regulation.<\/p>\n
The sanctions outlined in the regulation are particularly impressive as fines can amount to up to EUR 20 million or 4% of the company\u2019s annual global turnover<\/b>. The accountability of subcontractors has also increased.<\/p>\n<\/span>Emphasis on transparency<\/span><\/h2>\nThe regulation ignores the purely formal measures that had been enacted under the previous directive (i.e. the requirement to declare any processing operations), choosing instead to focus on the increased transparency<\/b> of data processing operations. As such, the regulation stipulates which information must be provided to people whose data is processed. <\/p>\n
The information must be complete and must be communicated in an \u201cintelligible\u201d form, in clear and simple language. The requirement of informed consent<\/b> makes it impossible, for example, to collect data from children under the age of thirteen. And it is one of the reasons we see cookie consent popups<\/a> on so many sites. <\/p>\nThe rights of the individual whose data is collected have been extended and simplified, giving them the option to oppose data processing<\/b> under certain circumstances (for example for direct marketing purposes). A person may request any data that concern him or her and which were collected by a data controller in a commonly used format so they can be transmitted to another data controller (\u201cdata portability<\/b>\u201d). Finally, people now also have the right to oppose profiling, for example, based on their personal data.<\/p>\n<\/span>It is not too late to do the right thing<\/span><\/h2>\nIt is not yet too late to implement the obligations arising from the GDPR<\/b>. Nor must we lapse into blissful optimism, however. Chances are the authorities responsible for the implementation of the new regulation will do everything in their power to increase controls as soon as it takes effect.<\/p>\n
<\/p>\n<\/span>Emphasis on transparency<\/span><\/h2>\nThe regulation ignores the purely formal measures that had been enacted under the previous directive (i.e. the requirement to declare any processing operations), choosing instead to focus on the increased transparency<\/b> of data processing operations. As such, the regulation stipulates which information must be provided to people whose data is processed. <\/p>\n
The information must be complete and must be communicated in an \u201cintelligible\u201d form, in clear and simple language. The requirement of informed consent<\/b> makes it impossible, for example, to collect data from children under the age of thirteen. And it is one of the reasons we see cookie consent popups<\/a> on so many sites. <\/p>\nThe rights of the individual whose data is collected have been extended and simplified, giving them the option to oppose data processing<\/b> under certain circumstances (for example for direct marketing purposes). A person may request any data that concern him or her and which were collected by a data controller in a commonly used format so they can be transmitted to another data controller (\u201cdata portability<\/b>\u201d). Finally, people now also have the right to oppose profiling, for example, based on their personal data.<\/p>\n<\/span>It is not too late to do the right thing<\/span><\/h2>\nIt is not yet too late to implement the obligations arising from the GDPR<\/b>. Nor must we lapse into blissful optimism, however. Chances are the authorities responsible for the implementation of the new regulation will do everything in their power to increase controls as soon as it takes effect.<\/p>\n
The rights of the individual whose data is collected have been extended and simplified, giving them the option to oppose data processing<\/b> under certain circumstances (for example for direct marketing purposes). A person may request any data that concern him or her and which were collected by a data controller in a commonly used format so they can be transmitted to another data controller (\u201cdata portability<\/b>\u201d). Finally, people now also have the right to oppose profiling, for example, based on their personal data.<\/p>\n It is not yet too late to implement the obligations arising from the GDPR<\/b>. Nor must we lapse into blissful optimism, however. Chances are the authorities responsible for the implementation of the new regulation will do everything in their power to increase controls as soon as it takes effect.<\/p>\n<\/span>It is not too late to do the right thing<\/span><\/h2>\n
![\"visual-gdpr-gameplan-small\"](\"https:\/\/www.emailvendorselection.com\/wp-content\/uploads\/visual-gdpr-gameplan-small.jpg\")
<\/a>