Comply with GDPR guidelines in business with European clients
Does your web application comply with GDPR? If not, it’s time to take action to avoid potential legal problems. LiteBreeze takes the fact that the Digital Economy is worth three trillion dollars seriously and ensures to comply with all laws and regulations worldwide.
This economy is mainly information based, fueled by the rise in the number of knowledge workers and a world that has become more open to sharing information, the right to privacy is threatened by the emphasis on the free flow of information and protection of economic interests.
Most people do not know they are being tracked, and they aren’t given a choice whether to be tracked or to have their online behavior and personal information shared with large networks.
As mass data collection becomes the norm, concerns about the use of sensitive personal data, profiling, targeted advertising based on demographics and psychographics, and surveillance is growing.
Sensors capable of harvesting your location, finger-prints, monitor your health, and tracking your spending habits are already on your smartphones. A collection of small pieces of data can add up to a surprisingly complete picture of who you are, where you’ve been, and what you’ve been doing.
This information can then be used to calculate your insurance premium, credit score, identify political views, physiological profile, sexual orientation, highly targeted advertising and more.
What is GDPR?
GDPR attempts to protect privacy and give control back to the people. It replaces the outdated data protection directive of 1995 with a stricter general data protection regulation. The GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents.
It provides for a harmonization of the data-protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; GDPR lays down strict data-protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher.
What are the major new requirements?
One way to describe the GDPR is that it simply legislates a lot of data security and privacy ideas such as:
- Minimize the collection of personal data
- Delete personal data that’s no longer necessary
- Restrict access
- Secure data through its entire lifecycle
- Privacy by design
- Data protection impact assessments
- Right to erasure
- Right to be forgotten
- Right to information
- Breach notification
- Data protection officer
Is GDPR applicable to you?
All firms located in the EU. And firms not located in the EU, if they offer free or paid goods or services to EU residents or monitor the behavior of EU residents.
What is personal data?
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
How is GDPR different from data protection directive?
Although the data protection directive of 1995 contains some of the same protections, the directive was designed before the internet was what it is today. And as a directive, EU member states could implement it as they saw fit. This resulted in many inconsistencies, and for the most part, was ignored by the information industry as it lacked teeth to compel compliance.
On the other hand, being a regulation, GDPR must be followed by all EU states, and it applies to any company that collects and processes the data of EU residents. Regardless of where the company is based. The severe penalties prescribed by GDPR ensure c-suite attention.
How to ensure compliance?
Based on legal advice from experts, we can help audit your existing systems and processes to make the required changes in your IT infrastructure. Furthermore, all staff members, including non-technical ones, should be made aware of the changes brought by the new regulation, its principles, and the new roles and responsibilities that will affect their daily jobs.
It is essential to establish company policies regarding data protection, data retention, data breach incident, HR data protection GDPR applies to everyone and this includes your employee’s PI data, marketing data, social media, encryption, outsourcing, and bring your own device policies.
Is LiteBreeze GDPR compliant?
- LiteBreeze AB being a Swedish company automatically comes under the scope of GDPR.
- LiteBreeze India implementes same standards to ensure GDPR compliance.
- We sign Data Protection Agreements with EU clients
- We have implemented strict internal guidelines to protect the rights of our clients and their customers.
- Routine employee training programs