GDPR. FAQ

in gspr •  7 years ago 

In this series of GDPR posts, for now, instead of posting the details of the articles and so on, I'm thinking of putting a series of questions and answers, like a typical FAQ page. Hope you like it!

Q: When does this law apply?
A: May 25th of 2018. That is when the regulation and the related national laws become mandatory.

Q: My company is outside the EU, does it apply to me?
A: If you offer services or goods to EU residents, yes, it applies to you. It does not matter if you do not charge money.

Q: If I do not comply, what can happen to me?
A: Fines are set at up to €20mm or 4% of worldwide turnover (revenue), whichever is greater. You may also be subject to lawsuits by the people whose personal data you hold.

Q: Will I have to send the data I own to the government?
A: Of course not! The data you own is yours, and you are responsible for keeping it safe and using it only for what you have specific consent for. This regulation is a framework to protect personal data, not to report it.

Q: Consent? Should I have consent? For what?
A: Well, this is one of the main changes in the regulation: you need to inform the person (data subject) of what you are going to do with their data. Collect only the minimum amount of data needed to fulfil the agreement and, for anything apart from the contract (advertisement, ...), you'll need their free, voluntary and affirmative consent.

Q: What if the person does not accept the data processing I'm informing them of?
A: If the processing is necessary for the agreement, the agreement must be cancelled. If it concerns the complementary agreements, then you cannot do the extra processing of their data.

Q: Can I give "presents" like discounts to obtain consent?
A: No. The consent would not be freely given; it would be induced, so it would not be valid. Sorry.

Q: What else is needed?
A: Lots of things: data process inventory, DPO, ...

Q: Data process inventory?
A: Yes, you should keep an inventory of the company's data processes, recording the data owner, process owner, risk, impact assessment, ...

Q: DPO? What's that?
A: DPO stands for Data Protection Officer, a role inside the company that is mandatory in a few cases and recommended for all. It is a person (or team) that assesses data protection and GDPR compliance at the company and acts as the company's contact person under the European regulation in case of a data breach or any other request.

I recommend contacting a lawyer to guide you in the work of complying with this regulation. Any questions, just ask!


Previous articles
GDPR. History
GDPR. Content


FAQ format really makes it easy. Lots of information in a nutshell. Thanks

Thank you! Any other question you should consider, just ask! ;)