GDPR stands for General Data Protection Regulation, a new data privacy law in the European Union that will take effect on 25 May 2018. This regulation has major effects on how businesses process data and ensure privacy, with hefty financial consequences.
Nayax is committed to data privacy and we’ve put together a guide to understanding the new piece of legislation.
WHO DOES THIS LAW APPLY TO?
Although the law refers to the rights of EU citizens, it applies to any business that has EU citizens as data subjects, or any business that processes the personal data of EU citizens.
Furthermore, the law applies to data controllers and any third-party data subcontractors they engage, who will be equally liable for any data violations.
WHY IS THE EU INTRODUCING GDPR?
The EU’s thinking is that the digital economy can only grow with consumer trust. It believes the best way to foster trust is through transparency, which will help private citizens understand how their data is used.
The rights granted give citizens back control of their personal data. These rights are also meant to encourage businesses to use their consumers’ personal data respectfully, emphasizing security and privacy above the companies’ own bottom line.
What gives this law weight are the increased monetary fines for violating the GDPR. For the most severe infringements, businesses can be fined 4% of their global annual turnover, or €20 million (whichever fine is larger).
Any person who is identified, or who can be identified from data, is protected under this law. Personal data can include email addresses, IP addresses, or any other metadata collected.
The GDPR will force organizations to identify all the personal data they may hold. It also requires businesses to keep internal records of how they are complying with the new legislation, in case they are audited by the EU.
The GDPR gives EU citizens the right to enquire and to change their minds. They will have the right to access their data from a data controller, enquiring what data is being processed and for what purpose. Furthermore, they have the right to be “forgotten” and the right to data portability; that is, they can ask that their personal data be deleted or transferred to another data controller.
PRIVACY BY DESIGN
Two other important ideas raised by GDPR are privacy by design and data minimization. Data protection should be kept in mind when designing a new system or starting a company. Additionally, the law requires that data only be minimally processed, restricting the holding and processing of data to a limited audience with the purpose of completing a job.
Nayax has undergone a data protection impact assessment (DPIA) to comply with the GDPR legislation. At present we are engaged in modifying and updating our business activities, products and internal processes to be fully GDPR compliant by May 25th.