GDPR Compliance Tips: Is Your Business Ready for the New Data Protection Legislation? | Part II
TABLE OF CONTENTS
10 keys to GDPR compliance
1. «Consent, affirmative acceptance»
2. “Privacy by design and by default”
3. «Risk Analysis»
4. “Record of processing activities”
5. “Notification of a security breach”
6. “New rights for data subjects”
7. “Data Protection Officer”
8. “Higher level of information and transparency”
9. “One-stop shop”
10. “New sanctioning regime”
10 keys to GDPR compliance
1. «Consent, affirmative acceptance»
This principle changes, now consent must be a manifestation that entails an unequivocal acceptance by the user, either through a statement or through an affirmative action. Silence is no longer considered positive, tacit consent disappears. Likewise, pre-checked boxes will under no circumstances be valid forms of obtaining consent.
2. “Privacy by design and by default”
From the initial planning stage of a project, it is necessary taiwan telegram phone number list to consider whether it has implications for data protection. Early detection of possible processing that impacts personal data. Joint vision and coordinated actions between legal, organizational, business and IT areas.
3. «Risk Analysis»
The obligation to carry out data protection impact assessments is born . The GDPR Compliance currently known security levels (basic, medium and high) will disappear. Now the measures will depend on the result of the assessments, based on the risk to be managed, which will require the implementation of mechanisms and procedures to protect the data.
4. “Record of processing activities”
With the GDPR, it will not be necessary to register files in the General Data Protection Registry; on the contrary, organizations will have to have an internal record of the different personal data processing they carry out.
5. “Notification of a security breach”
Security breaches must be notified to the data protection how to avoid spam filters in email marketing authorities, in the case of Spain, to the Spanish Data Protection Agency, within a maximum period of seventy-two hours.
6. “New rights for data subjects”
The obligation to comply with the rights that we already know will bw lists continue, such as access, rectification, cancellation (now called deletion), and opposition; to which two new rights have been added, the limitation of processing and the portability of data. The data controller is obliged to respond to the interested party’s requests without undue delay and no later than within one month of receiving them.