The GDPR is the General Data Protection Regulation. It governs the processing of personal data and its free movement, and is mandatory from the 25th May 2018.
It applies to all natural or legal persons who process the personal data of residents of the European Union, including those who are not residents of the EU but provide services to, or engage in business with, these residents.
It is necessary to provide information about your identity, why you collect the data, how long it will be stored and to whom the information will be made available. For this, there must be clear consent to the collection, access, storage and disposal of data, as well as notification of any violation.
In the first instance, it is important to create a Confidentiality Agreement that defines the data and channels to be exchanged, and which interlocutors and rules will apply to the reporting of incidents. Finally, when a relationship is terminated, it is necessary to provide information about the removal of the related privileges and to record their elimination.
This new regulation is available in the Official Journal of the European Union, and in Portugal via the National Commission for Data Protection (CNPD) which presents 10 measures for the correct application of the GDPR.
Failure to comply with this regulation by both parties may lead to the filing of a complaint with the National Data Protection Commission (CNPD) in Portugal, through a Complaints Form, should a violation of the data obtained be detected. The fines for this breach may amount to EUR 10 million or 2% of the volume of the group to which the company belongs in less serious cases, or, in more severe cases, 4% of the annual turnover or up to 20 million euros.
To find out whether your company complies with this new data protection regulation, do not hesitate to contact us. Just schedule a meeting with our team: firstname.lastname@example.org.