RGPD (General rules of data protection)
In this article we give an overview of the major changes introduced by the new RGPD. The objective of the RGPD is to protect the privacy of all EU citizens, since the general structure of information gathering has changed a lot since the first directive, which was established in 1995. The key principles of data privacy remain faithful to the previous directive, but many changes in regulatory policies have been proposed:
Greater territorial scope (extraterritorial applicability)
The RGPD now applies to all businesses that process personal data of individuals residing in the European Union, irrespective of the location of the company. The RGPD makes its applicability very clear. It applies to the processing of personal data by controllers and processors in the EU, regardless of whether the processing is carried out in the EU or not. The RGPD also applies to the processing of personal data of persons in the EU by a controller or processor not established in the EU, where the activities relate to: providing goods or services to citizens of the EU (regardless of whether payment is required) and the monitoring of behavior that takes place within the EU. Non-EU companies that process the data of EU citizens must also appoint a representative in the EU.
Organizations that violate the RGPD can be fined up to 4% of annual global turnover or 20 million euros. This is the maximum fine that may be imposed for the most serious infringements, for example not having sufficient customer consent to process data or violating the core privacy concepts. There is a tiered approach to fines. For example, a company can be fined 2% for not having its records in order (Article 28) or for failing to notify the supervisory authority and the data subject. It is important to note that these rules apply both to controllers and processors.
The conditions for consent have been strengthened, and companies can no longer use long, illegible terms and conditions full of legal jargon. The request for consent must be in an understandable and easily accessible form. Consent must be requested in clear and simple language, and it should be just as easy to accept the consent as not to.
EU regulation (BOE): https://www.boe.es/doue/2016/119/L00001-00088.pdf
For more information you can contact us, and we can refer you to a company specializing in the new regulation.