GDPR at a glance

Information

Explain in simple language why a company processes personal data, how the information will be used and how long it will be stored.

Lawfulness of processing

Personal data shall be processed lawfully. Processing is lawful if it is necessary for the performance of a contract, for compliance with a legal obligation, or for the purposes of the legitimate interest of the organization, or if consent has been given. Consent is not the only legal basis.

Risk management approach

Depending on the characteristics of the processing, appropriate technical and organizational measures shall be implemented to minimize the risk to the rights and freedoms of natural persons.

Rights of the data subjects

Data subjects shall be able to exercise their rights, including the rights of access, to rectification, to object, to revoke consent, to erasure and to restriction of processing. For example, people shall be able to opt out of marketing campaigns or any kind of direct communications, or even ask for their data to be deleted.

Special data categories

Enhanced security applies to the processing of personal information on health, race, sexual orientation, religion or political views.

Data breach management

Companies are required to manage any breach of personal data and to notify the regulatory authorities if an impact on the rights and freedoms of people is likely to happen.

The General Data Protection Regulation (GDPR) entered into force on May 25th 2018, replacing the Data Protection Directive 95/46/EC.

Designed to harmonize data privacy laws across Europe, protect and empower the privacy of all EU data subjects, and reshape the way organizations across the region approach data privacy, the GDPR has introduced multiple changes, becoming the most important change in EU data privacy regulation in the last 20 years.

Although the GDPR represents a solid step forward in the protection of the personal data of EU data subjects, it may impose a non-negligible cost on public and private organizations of any kind and size, which must adapt their data management processes and privacy policies to the new regulation.

While public bodies and large corporations can efficiently adopt the GDPR, micro enterprises can face unaffordable costs due to a lack of resources or awareness. It is of vital importance to support micro enterprises in the correct adoption of the legislation, so they can minimize or eliminate the risks to the rights and freedoms of the data subjects and avoid the risk of significant fines that would seriously affect their sustainability.

GDPR 25 May 2018
Europe General Data Privacy Regulation