Are you ready for RODO?
The personal data protection regulation (RODO) comes into force in May 2018. The new regulations will concern all entities that automatically process data in the European Union. It is worth reading up on the latest changes in the regulation and starting preparations today. The pillars of protection remain unchanged, but RODO:
- raises the security level of databases,
- extends the rights of people whose data is stored,
- imposes new duties on administrators, and new penalties for failing to fulfil them.
The data administrator will be obliged to maintain a high level of data safety, which assumes appropriate coding and ensuring access to the data only for an authorized group of people and only for a defined purpose. A high level of data security will be required under pain of a penalty of as much as 4% of annual global turnover, up to 20 million euros. This cannot be done without monitoring the safety level, because the obligation to report breaches of it to the watchdog will lie with CRM system administrators.
In practice, this means new duties that will have to be fulfilled to meet the requirements of RODO.
Direct responsibility for data processing
Organisations that process personal data coming from other companies while rendering services for them will bear responsibility for breaking the RODO law, including the risk of a financial penalty.
Extending the information obligation
RODO requires that extensive information about the way personal data is processed be included in communication with the people concerned.
Data protection impact assessment
A data protection impact analysis will be obligatory before all "high risk" actions, such as large-scale profiling or using special categories of data (such as data about health).
Reporting violations
Data administrators will be obliged to report to the competent supervisory authority all cases of infringement that may threaten the rights or liberties of the people whose data was affected, within 72 hours of detecting them.
Appointing the Inspector of Personal Data Protection
Some companies, both those controlling and those storing data, will be obliged to appoint an Inspector of Personal Data Protection. This person must have expert knowledge in the area of personal data protection.
Profiling limits
Restrictions on profiling have been introduced, including the duty to obtain consent for profiling before collecting the data, a strict duty to inform about profiling, and the necessity of accepting an objection to profiling.
New and extended citizens’ rights
RODO regulations introduce:
– "the right to be forgotten" (addressed to citizens who would like to have their personal data removed),
– the right to demand export of the data,
– a strengthened right of citizens to access and inspect their personal data.
Transferring data out of the European Union
Failure to comply with the ban on sending data without maintaining a high level of safety will carry the risk of a high financial penalty.
Consent
RODO introduces new or supplemented rules for obtaining valid and verifiable consent to the processing of personal data from the people whose data is concerned.