The day has come at last! As of today, the 25th of May 2018, the new EU-wide Data Protection Rules, better known as the General Data Protection Regulation (GDPR), apply directly in all EU Member States, without conversion into national law.
What does this mean?
The Privacy Commission will ensure that privacy is respected when processing personal data. This new legislation applies to anyone who deals with personal data.
These are 5 important takeaways you should know by now about GDPR:
- A Data Protection Officer should be appointed for every organization that processes large-scale data in an automated way. GDPR does not target the lawyers or physicians who collect personal patient data, meaning:
  - Patient data from a hospital
  - Travel data from individuals using a city’s metro system
  - Real-time geolocation data
  - Processing of data (content, traffic, location) by telephone or internet service providers
- Explicit consent: It must be as easy to withdraw consent for the use of your personal data as it is to give it.
- Right to have access and to be forgotten: Collecting the data (in electronic format) must be as smooth as deleting it.
- Data minimization: Don’t ask for more information than strictly necessary. The GDPR calls for controllers to hold and process only the data absolutely necessary for the completion of their duties (data minimization), and to limit access to personal data to those who need to carry out the processing.
- Increased Territorial Scope (extra-territorial applicability): The new legislation will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.
Not quite there yet?
The Belgian Privacy Commission will help you! They have drawn up a 13-step plan for companies to bring themselves into line with the new legislation. You can consult this great plan on the website of the Privacy Commission or on this link in Dutch or French.