What are the key changes under GDPR
Personal privacy
Individuals (data subjects) have the right to:
- Access to their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data
Controls and notifications
Businesses can comply if they:
- Ensure appropriate security to protect personal data
- Notify authorities of personal data breaches
- Obtain appropriate consents from stakeholders to process the data
- Keep records and document data processing activities
Transparent policies
Organisations are accountable and must:
- Provide clear notice of data collection requirements
- Outline data processing purposes and use cases as examples
- Define data retention and deletion policies
IT and training
Organisations will need to:
- Train privacy personnel and employees
- Audit and update data policies regularly
- Employ a Data Protection Officer (if required)
- Create and manage appropriate vendor contracts
What does GDPR mean to protect data and privacy
Stricter controls on where personal data is warehoused and how databases are used
Better IT and data governance tools for better transparency, record keeping, and disclosures
Improved GDPR policies to document control to data subjects and ensure lawful processing
The GDPR Process. The How
Under the auspices of The Copenhagen Compliance® Group, we have specialised in Data, IT and Cyber Security and Governance, Risk Management, & Compliance (GRC) issues and activities since 2005.