The General Data Protection Regulation and its importance in companies
The GDPR is the General Data Protection Regulation. GDPR for businesses It stipulates that from May 25, 2018, all EU companies, if they market their products or services in the European Union, must be adapted to the regulation.
He GDPR for businesses It has to do with processing citizens' personal data and extends its territorial application to organizations established outside the European Union that deal with data of European citizens to offer them goods and services.
Likewise, the GDPR for businesses Personal data is considered to be any information related to identified or identifiable individuals, for example: name, address, geolocation, health information, biometric data, among others.
In it GDPR for businesses A distinction is made between basic data and data from special high-risk categories.
Special categories of data are sensitive data concerning the most intimate aspects of a person's life. For example: health, ideology, religion, etc.
The aim is to give citizens new rights and greater control and information over the processing of their personal data.
In it GDPR for businesses The information that must be provided to stakeholders is also expanded. This process should be carried out in a concise, understandable, and easily accessible manner, using clear and simple language.
Given this, with the GDPR for businesses Rights are incorporated that improve individuals' control over their personal data. The data controller must facilitate the exercise of these rights by data subjects. These rights include: access, rectification, objection, restriction of processing, erasure (right to be forgotten), and data portability.
The GDPR for businesses This affects businesses because it establishes new obligations based on Proactive Responsibility. This principle is based on prevention and requires the implementation of appropriate technical and organizational measures to ensure and demonstrate compliance with the GDPR. For example, consent must be explicit and obtained freely, specifically, in an informed and unambiguous manner, through affirmative action.
The GDPR also stipulates that measures must be in place to maintain a level of security appropriate to the risk and to demonstrate compliance with the regulation. In the event of a data breach that poses a risk to the rights and freedoms of data subjects, the competent authority and the data subjects themselves must be informed. The maximum timeframe is 72 hours from the time the controller becomes aware of the incident.
He GDPR for businesses It requires each business to review its Privacy Policy, Terms of Use of applications, adapt its internal working procedures, train its employees and add the necessary functionalities to its software to ensure compliance with European regulations.
