What is GDPR?
The General Data Protection Regulation (GDPR) is European legislation that defines new parameters for the protection of identifiable personal data and becomes mandatory in May 2018. It applies both to personal data (name, address, IP address, bank account number, among others) and to private data (biometric, medical and financial information, among others), since the EU defines the protection of personal information and of the citizen's integrity as priorities.
Whom does it address and what are its implications?
The GDPR is addressed to the entities responsible for the processing of data (data controllers), to the subcontractors that process data on their behalf (data processors) and to processing operations that concern European personal data subjects. It requires that every department of a company identify, evaluate, categorize and be able to manage the personal data it holds, limiting that processing to what the data subjects have authorized and thereby increasing clients' trust. For this reason, it covers the following dimensions: Governance and Compliance, People and Communication, Security and Privacy, Processes, Data and Analysis.
In this context, organizations should have the processes, tools and people needed to review their data protection policies, in particular the processes for collecting and processing personal data, and to create or update their practices for compliance with the regulation. Transposing the regulation will require skills at the legal, risk management, cyber security, technological and organizational levels. The 3 main data security requirements for compliance with the GDPR are: