The GDPR was adopted in April 2016 by the European Parliament and the Council of the European Union after four years of discussion.
What does this mean for you as an entrepreneur?
Does GDPR also apply to your company?
The new regulations will apply to all companies in the European Union that collect and use data about individuals. Moreover, the GDPR also applies to companies outside the EU that offer their products and services to customers in the European Union.
The GDPR increases the rights of individuals in the processing of their data and forces companies to change their approach to organizing and ensuring the protection of personal data.
Compliance with GDPR guidelines will be necessary for companies that employ more than 250 employees. In the case of smaller companies, the regulation only covers those entities whose processing of personal data may violate the rights or freedoms of individuals and those that process sensitive data.
GDPR does not cover:
individuals who process personal data unrelated to professional activity, for example, those who store correspondence with a group of friends
bodies related to national security
EU and diplomatic institutions
crime prevention bodies.
Data Protection Officer (DPO)
Data protection officers are to provide additional professional support for data administrators and processors. Their task, like that of information security administrators (ISA), will be to ensure proper protection of personal data.
The new regulations significantly strengthen the role and position of data protection officers. Appointing a data protection officer will in many cases become an obligation, and not, as before, a right of the data administrator. Additionally, the function of the ISA may only be performed by a natural person appointed by the data administrator. The function of the DPO, on the other hand, may also be performed by an organizational unit appointed by either the administrator or the processor.
The data protection officer's obligations will include:
informing administrators and employees about their obligations under the provisions and the Regulation
monitoring compliance with the provisions of the Regulation and other EU regulations
providing guidance to the administrator when implementing appropriate techniques aimed at effectively securing personal data
conducting systematic audits in the company
being a contact person for the persons whose data is processed by the administrator as well as for the supervisory authority, i.e. GIODO, and cooperating with that authority.
Every entrepreneur should consider and decide whether they are obliged to appoint a Data Protection Officer (DPO) in their company.
This obligation applies to three categories of entities:
in public entities (except courts), including private entities carrying out public tasks;
in entities processing data in a way that requires monitoring of data subjects;
in entities processing sensitive data.
Administrator Responsibilities
The personal data administrator will be obliged to adapt the IT systems so that the data can be completely deleted or transferred to another company. The data administrator will also be obliged to provide the person concerned with information regarding their personal data. When the person submits a query, the administrator is obliged to answer it within one month.
Violations must be reported
GDPR introduces the obligation to report breaches. Within 72 hours of detecting a breach, you must report it to the appropriate supervisory authority (Personal Data Protection Office). The supervisory authority should be informed of breaches that are highly likely to result in a violation of the rights and freedoms of data subjects. You can also report this information to the specific person whose rights and freedoms have been threatened by the breach.
The administrator will be held directly responsible for any negligence.
Failure to comply with the GDPR recommendations involves serious sanctions. Even outsourcing data processing to a subcontractor does not exempt the client from direct liability - in such a case, the client and the subcontractor will be jointly and severally liable.
In addition, contracts with subcontractors will have to meet the new, more restrictive conditions specified in the regulation. Furthermore, in companies employing more than 250 employees, each activity related to the processing of personal data (disclosure, deletion, etc.) will have to be recorded.
It is therefore worth properly preparing for the introduction of GDPR in your company.