The new EU (European Union) Privacy Legislation came into operation yesterday (25th of May 2018) and affects all South African Companies operating in the EU.
You can DOWNLOAD THE G.D.P.R Here
G.D.P.R Simplified
- In Breach of the G.D.P.R? – Companies can be fined up to 4% of their GLOBAL revenue.
- No tracking on the Internet of people without their explicit consent
- EU Citizens may request any company information on what data they have on them (even their boss, banks or anyone) They may then request that company to: permanently delete all data, provide a full copy of all data, make changes to data and more.
- It is no longer possible to simply have a tickbox, where a user can tick, to provide permission. There is a stronger onus on companies to ensure that users are completely aware and directly provides consent, regarding their data.
- Companies and marketers have to provide the Identity and contact information of a Data Controller
- Companies and marketers have to provide exact information on how, why, where, who (country and 3rd party companies, countries and formats) data would be stored, transmitted, managed, retained, for how long (time), users rights (requests, deletion, changes, complaints and all other tights in terms of the G.D.P.R)
How: Encryption, Transmission, Storage, Methods and Operation
Why: Legal basis, Service, Information
Where: Countries, Other Companies, Data Centers
Who: Data Officer Identity & Contact Information, Company, Other Companies & Individuals
Rights: To own data, Information, Information about GDPR rights, Deletion, Consent withdrawal, Changes, All data and all other GDPR rights – for example: Explicit permission, how long (period) of data storage, etc.
Key Issues covered by the G.D.P.R
- Consent
- Data Protection Officer
- Email Marketing
- Encryption
- Fines / Penalties
- Information Obligations
- Order Processing
- Personal Data
- Privacy by Design
- Privacy Impact Assessment
- Records of Processing Activities
- Right of access
- Right to be Forgotten
- Third Countries