What is the GDPR?
The new European General Data Protection Regulation (GDPR) is intended to provide better privacy protection for citizens.
The purpose of the GDPR is to protect the citizen’s privacy better by laying down uniform rules for the entire EU:
- The citizen gains greater control over how his personal data is used;
- There is a clear legal structure, so that companies know how they have to act in order to guarantee privacy.
Every organisation, every company, every governmental authority that collects and processes personal data of European citizens must apply the GDPR, irrespective of the country where the company or the organisation is established.
GPDR on collecting data (online and offline)
- The user must give his express consent (opt in). No pre-ticked boxes (opt out) any more in order to receive a newsletter or commercial announcements.
- The data collector must mention expressly which data is collected and to what purpose.
- The collected data may be used only for that purpose and during the period in line with that purpose.
GDPR on storing data
- When you store data, you must provide adequate protection thereto and ensure the guarantee thereof.
- Any breach of data security must be reported within 72 hours.
- The person whose data you store has the right to access, peruse, improve, and have the data removed. The company must be able to produce an electronic copy of his private file.
- The person whose data you store must also be able to withdraw his consent at all times.
GDPR on supervising data
- Companies with more than 250 employees must appoint a Data Protection Officer to supervise the correct application of the GDPR;
- In Belgium, the Privacy Commission is responsible for the supervision of GDPR compliance.
-
Rules for the processing of personal data
GDPR - Rules of thumb for the processing of personal data -
Consent of the party concerned
The basic rule of the GDPR is that the user must give his express, active consent for his personal data to be stored and processed.