European Union's General Data Protection Regulation in force

The EU regulator has set out to protect the personal data of its residents within the EU as well as globally wherever the data might be transferred to or stored.

The General Data Protection Regulation (GDPR) deadline for compliance is fast approaching.

The chatbot, named Parker, helps companies in non-EU jurisdictions (including SA) to determine whether GDPR applies to their business, says Norton Rose Fulbright. A major difference is that a business will risk paying fines of up to 4% of annual global turnover, or €20 million.

Realistically, this is also likely to be one of the areas where distributed ledger technologies (blockchain and its ilk) really come into play, likely even more so than ICOs (which are primarily pure speculation plays).

In addition, the media will generally be able to claim an exemption if the personal data they are handling is held "with a view" to publication, if they believe that publication would be in the public interest and if complying would be incompatible with journalism. As well as name, address, and date of birth, personal data also includes IP addresses, location data, and cookie identifiers, as well as genetic data.

The GDPR specifies lawful bases for processing Personal Data, including consent by the data subject or a determination that the data is necessary for performance of a contract or fulfillment of a legal obligation.

In contrast to US privacy laws, which tend to cover specific kinds of personal data (e.g., healthcare, financial), the GDPR covers all personal information relating to an identified or identifiable individual.

Member countries must accept a larger role for their data protection authorities, who will be central to guaranteeing the rules are applied. The answer becomes trickier for companies that are based strictly in the United States.

"However", Baines explains, "one of the key principles under GDPR is that personal data should be treated fairly and that revolves around what people's reasonable expectations are". Facebook was criticised for carrying out "massive combinations of personal data of Internet users for purposes of targeted advertising", to which they "have not consented and can not oppose". The healthcare providers and insurers that are "covered entities" under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) constitute the controllers of health data in this regard. The aim of the GDPR is to give more protection to an individual's data in the digital age.

This includes solid cybersecurity, staff training, and contingency plans on how to respond to an information leak or a personal data breach if it occurs, to minimise the damage.

The platform has always had a lower data retention period than Facebook, never holding on to information for more than two years. Consent can be granted for the use of data for a specific objective and then revoked, only to be granted again for another goal. Post-discharge patient engagement also requires that patient health data collection and processing be subject to the GDPR for European Union residents who received medical care outside the EU. Both are essential to learning about its potential risks, and how it must comply with the new regulation. "Combining your compliance programmes will save you time, effort and money", says Crawford.

Conduct a comprehensive data audit to understand data source, collection and processing. Rigorous requirements for consent to retain and use Personal Data apply, which essentially reject consent by omission or inaction: consent by silence, pre-filled boxes, or inactivity will not constitute consent.

"For South African organisations, if the GDPR applies to you, consider how you can combine your GDPR and Protection of Personal Information Act compliance programmes, as numerous requirements are similar (although there are some differences)".

In the event a medical tourism agent shares personal data with a vendor such as a hotel, the vendor must provide a Data Processing Agreement (DPA) with the supplier confirming the vendor's compliance with the GDPR and dictating the purposes for which such data is to be processed.

© 2015 ExpressNewsline. All Rights reserved.