What are the key provisions of GDPR?
Privacy by design and default – GDPR requires
organisations to include privacy in their processes and systems by design. This
means that all the company software and systems should adhere to the key tenets
of GDPR. For instance, the software should be able to completely erase personal
data if required by the data subjects. These changes will also affect companies
who cold call. Does your business incorporate telemarketing into its mix? Make
sure your business telephone systems are up to date. Check out seersco.com.
Right to be forgotten – Before we examine
this provision, it's worth recalling the story of Spanish resident Mario
Costeja González. Back in 2009, the Spaniard began a five-year battle with
Google when he discovered an incriminating story about himself from 1998. Costeja
wanted Google to remove links to the story which were not relevant to his life
anymore. With the help of the Spanish Agency of Data Protection, he knocked on
the doors of the European Court of Justice which ultimately ruled in his
favour. This decision underlined the importance of the 'Right to be Forgotten'.
Organisations cannot hold any data without prior approval and need to have
strict mechanisms in place to delete data if requested by users. If you are
calling anyone from your telephone system, they must already be in your
database, or have given you permission to make contact.
Right to Data Portability – GDPR allows
data subjects to obtain and transfer personal data, from one data controller to
another, in a safe and secure fashion. This provision allows individuals to
leverage their personal data for their own benefit. Make sure your data is up
to date with regard to your telephone system.
Explicit opt-in consent – GDPR strengthens
the case for explicit opt-in consent from customers before using their personal
data. Control over one's personal data, a simmering issue in the US, is a big
aspect of GDPR. Under the regulation, the data subject is completely in control
of their own data. Organisations also need to make sure that they communicate
clearly when asking for personal data and clarify its intended
use. You can use this opportunity to update your telephone system with new
features; don't get caught out.
Harsh non-compliance fines – The regulation
places strict demands on businesses, as non-compliance will result in penalties
of up to 4% of worldwide turnover or 20 million Euros, depending upon the
nature of the violation. Make sure your business telephone system does not violate
GDPR terms.
Stricter rules for data breaches – Breach
notification is another key provision of GDPR. Under this provision, it will
become mandatory for organisations to notify the data protection authority and
customers within 72 hours of a data breach.