GDPR: What you need to know

GDPR is a topic that has built a lot of buzz these past months, but the legislation was first adopted in April 2016, with a two-year transition period allowing businesses to prepare for it.

As of May 25, 2018, all organisations in the EU and many more around the world will need to comply with the European Parliament’s General Data Protection Regulation (GDPR), which replaces the Data Protection Directive (DPD) of 1995.

The General Data Protection Regulation ensures that people in the EU have better control over their personal data.

Personal Data

We are living in a digital era where customer data is collected haphazardly, and sometimes as individuals we don’t have much power (and/or knowledge) over how it may be used. In that respect, the EU is seeking to guarantee people have a better understanding of how their data is used and the right to control its usage.

According to the European Commission, “Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.”[1]

Under the GDPR, personal data encompasses that notion, plus mobile device identifiers, geolocation, biometric data, and IP addresses. It also includes data related to an individual’s physical, genetic, psychological, economic, cultural, or social identity.

 


GDPR Goals

GDPR aims to significantly strengthen the rights of individuals, who will now be able to ask companies to reveal or delete the personal data they hold. Regulators, on the other hand, will be able to work in greater conformity across the EU, instead of having to follow different laws in each jurisdiction.

The GDPR will bring more transparency in how organizations collect data about people. Going forward, some types of individual profiling will no longer be acceptable unless the person in question has wilfully consented.

GDPR will be applicable to both data ‘controllers’ and ‘processors’. Controllers are companies using personal data, which might range from a one-person online retailer to multinational corporations. Processors are those companies that manage the data under the controller’s guidance.

In the past, only controllers were accountable for any data breach or misdeed. With GDPR now in place, both controllers and processors are obliged to comply with the legislation, which is one of the main differences between GDPR and DPD.

The regulation also applies to all companies that process personal data of people residing in the EU, regardless of the company’s location.

Data protection is everyone’s concern, but at Ria it is our priority

At Ria, the confidential treatment of personal data has always been paramount and is an intrinsic responsibility for our business around the world.

We welcome GDPR and embrace the new legislation for the collection, use, disclosure and security of individuals’ personal data.

Committed to complying with the new regulations and promoting a stronger sense of respect and security for the privacy of our clients, partners, and employees, our parent company Euronet has appointed a Data Protection Officer (DPO). With this and the continued support of dedicated compliance officers and specialists, Ria will continue to provide a thorough approach to compliance, ensuring maximum safeguarding and an optimal personal data protection system.

 

[1] European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en