Does your web application comply with GDPR? If not, it’s time to take action to avoid potential legal problems. LiteBreeze takes the fact that the Digital Economy is worth three trillion dollars seriously and ensures that it complies with all laws and regulations worldwide.
This economy is mainly information-based, fueled by the rise in the number of knowledge workers and a world that has become more open to sharing information. The right to privacy is threatened by the emphasis on the free flow of information and protection of economic interests.
Most people do not know they are being tracked, and they aren’t given a choice whether to be tracked or to have their online behavior and personal information shared with large networks.
As mass data collection becomes the norm, concerns about the use of sensitive personal data, profiling, targeted advertising based on demographics and psychographics, and surveillance are growing.
Sensors capable of harvesting your location and fingerprints, monitoring your health, and tracking your spending habits are already on your smartphones. A collection of small pieces of data can add up to a surprisingly complete picture of who you are, where you’ve been, and what you’ve been doing.
This information can then be used to calculate your insurance premium and credit score, to identify your political views, physiological profile and sexual orientation, for highly targeted advertising, and more.
GDPR attempts to protect privacy and give control back to the people. It replaces the outdated data protection directive of 1995 with a stricter general data protection regulation. The GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents.
It provides for a harmonization of the data-protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations. GDPR lays down a strict data-protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher.
One way to describe the GDPR is that it simply legislates a lot of data security and privacy ideas such as:
All firms located in the EU, and firms not located in the EU if they offer free or paid goods or services to EU residents or monitor the behavior of EU residents.
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Although the data protection directive of 1995 contains some of the same protections, the directive was designed before the internet was what it is today. And as a directive, EU member states could implement it as they saw fit. This resulted in many inconsistencies, and for the most part the directive was ignored by the information industry, as it lacked teeth to compel compliance.
On the other hand, being a regulation, GDPR must be followed by all EU states, and it applies to any company that collects and processes the data of EU residents, regardless of where the company is based. The severe penalties prescribed by GDPR ensure C-suite attention.
Based on legal advice from experts, we can help audit your existing systems and processes to make the required changes in your IT infrastructure. Furthermore, all staff members, including non-technical ones, should be made aware of the changes brought by the new regulation, its principles, and the new roles and responsibilities that will affect their daily jobs.
It is essential to establish company policies regarding data protection, data retention, data breach incidents, HR data protection (GDPR applies to everyone, and this includes your employees’ PI data), marketing data, social media, encryption, outsourcing, and bring-your-own-device use.