What does GDPR mean for your business?
Data protection principles
Personal data must be processed lawfully and be collected only for specified, explicit purposes. Collected data has to be minimised, accurate and kept up to date. It needs to be processed in a manner that ensures appropriate security and protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
The new accountability principle requires you to demonstrate that you comply with the principles and states explicitly that this is your responsibility. You are expected to put into place comprehensive but proportionate governance measures. These measures should minimise the risk of breaches and uphold the protection of personal data.
In case of a data breach, the Company will have to notify the supervisory authority and the affected individuals within 72 hours from the breach occurrence. Such a scenario might result in fines of up to 20 million EUR or 4% of the Company's annual turnover, which the Company would have to bear.