Personal data processing in compliance with GDPR
Lexika | 19.04.2018 | In the news | Reading time: 2 min.
Any breach or abuse of personal data creates a high level of publicity over the subject of personal data protection. Several recent incidents at high profile companies are a clear sign that they have not been processing their customer data with due care. Personal data protection should, therefore, be an integral part of the standard operating practices of any company.
The General Data Protection Regulation (GDPR), which is in effect from 25 May 2018, is a piece of European legislation that significantly changes the way companies are to view and process personal data. The primary objective is to protect the rights of EU citizens in relation to personal data and to simplify the requirements for processing their data by companies.
What is GDPR?
GDPR is a new EU regulation on personal data protection governing the processing of personal data of EU citizens. It is replacing the previous Data Protection Directive.
Who does GDPR apply to and why is it important?
GDPR, effective since 25 May 2018, has been affecting entrepreneurs, companies, and other organizations that process personal data for anything other than private purposes. Companies running online stores, selling products or services, and using customer or supplier databases are going to be affected the most.
What does GDPR change?
These are some of the fundamental changes:
Consent to data processing
Where consent to personal data processing is mandatory, the new regulation requires it to be specific, freely given, informed, and unambiguous. This means, for example, that it cannot be hidden in commercial terms and conditions. Online, the user's active affirmative action will be necessary.
New documents, texts, and authorized persons
Other changes will see companies appoint a data protection officer. Most businesses will be creating new internal documentation to comply with the requirements.
Risk-taking does not pay off
In order to gain adequate respect, particularly from large global players that process the personal data of millions of EU citizens, GDPR introduces high fines. Violation of personal data protection obligations can cost the company up to €20,000,000, or 4% of the global annual turnover, whichever is higher.
Companies have an obligation to report any breach or loss of personal data to the respective national authority. These may include unauthorized database access, loss or theft of any devices containing customer personal data, etc.
How to prepare for GDPR?
You should follow these steps:
- Analyse the scope of collected personal data.
- Examine current documentation such as consent forms, contracts, and commercial terms.
- Align internal processes and activities with GDPR requirements.
- Ensure that information technologies and systems are properly secured.
How does LEXIKA prepare for GDPR?
As our clients, translators and employees can confirm, we have always taken data security and confidentiality seriously. Personal data is valuable and every company needs to protect it. LEXIKA has over recent months been adapting its internal regulations to comply with the requirements of GDPR.
Translation of GDPR documents
With the help of our translators specializing in legal, marketing, and IT domains, we can provide translations of new documents and texts related to GDPR from English to German, French, Italian, and to other European and world languages.