GDPR Most Significant Updates
Apart from the increased penalties already mentioned, the General Data Protection Regulation includes many other updates that directly affect US companies doing business in Europe. This is, in fact, the most important update: every non-EU organization must comply with the regulation whenever it carries out activities related to the collection and processing of personal data of EU citizens (“Regulation (EU) 2016/679 of the European Parliament and of the Council,” 2016).
With the goal of preserving the security and accountability of the enterprise, as well as offering guidance to technology professionals, controllers have to designate a qualified individual called a Data Protection Officer (DPO) in the following scenarios (“Regulation (EU) 2016/679 of the European Parliament and of the Council,” 2016):
- Processing is carried out by a public authority, except a court acting in the exercise of its judicial function;
- The main activities consist of processing operations which, by reason of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale;
- The main activities consist of the large-scale processing of special categories of personal data and of data relating to criminal convictions and offences.
Another effective way of preserving security and minimizing risk is to perform a Privacy Impact Assessment (PIA). This is essentially a risk assessment that identifies the potential risks to which an organization is exposed, based on the type of activities it performs with personal data. Specifically, the GDPR requires that a PIA be performed, at the very least, in any of the following cases (“Regulation (EU) 2016/679 of the European Parliament and of the Council,” 2016):
- The company’s activities involve profiling;
- The company processes sensitive data on a large scale;
- The organization systematically monitors publicly accessible areas on a large scale.