This post will walk you through the new EU regulations on storing personal data on your company's servers.
These regulations are nothing less than a revolution in the way countries treat their citizens' personal data and in companies' ability to store and use that data for their own needs.
For years, companies could do almost anything with this data: track people, target people using it, buy or sell it, and so on. That situation is about to change.
This article explains how it is changing and what you should do to face these winds of change.
The GDPR took effect in the EU on May 25th, 2018.
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU.
Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for fields like name, address and Social Security number.
The GDPR allows for steep penalties of up to €20 million or 4 percent of global annual turnover, whichever is higher, for non-compliance.
Companies will be allowed to store and process personal data only when the individual consents and for “no longer than is necessary for the purposes for which the personal data are processed.” Personal data must also be portable from one company to another, and companies must erase personal data upon request.
The GDPR defines several roles that are responsible for ensuring compliance: data controller, data processor, and the data protection officer (DPO).
The GDPR requires the controller and the processor to designate a DPO to oversee data security strategy and GDPR compliance.
WHAT SHOULD MY COMPANY BE DOING ACCORDING TO THE GDPR?
Ronen Wasserman and the ROM Team