
New GDPR laws and why should I care?


Most, if not all, companies small and large, non-profits, social clubs and associations collect and process personal information in many ways and forms. Here is a quick summary of how GDPR will affect you and your company, regardless of whether you are located in Europe or anywhere else in the world, such as the United States or Canada.

On May 25th, 2018 a new regulation will be enforced that strengthens personal data security regulations and places tough requirements on how businesses can collect, store and process any and all personal information.



Why should I care?

The simple answer is because of the hefty fines you may incur if you violate those regulations. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).

Where should you start?

We are here to help you with your first step to gain a better understanding of what GDPR is and what changes your company must make to follow the new regulations. There is no time to wait – you can get started today by answering a few questions regarding your data:
  • What personal information does my company collect and process today?
  • Where does my company store that information, and on which IT systems?
  • Who has access to the information, and how is it being used?
  • What lawful basis does our company have to collect and store the information?

After you answer those questions, we can make it easy for your company to dive in deeper and take the practical steps to kick-start your GDPR activities at Omnibasis.com with your FREE account.

What is personal information?


According to GDPR law, personal information is anything that can be used to identify an individual. At first glance you might think that this is easy. Yet with GDPR there are lots of other non-obvious data points that also fall into this category. Some examples of personal information are a person’s name, email, government ID number, membership number, IP address, car license plate, Twitter or Facebook handles and even photographs.

In addition, GDPR classifies some information as sensitive data, and encryption and other security measures are needed to restrict access to this data. Examples of sensitive data might be personal health records, membership affiliation, bank account information, etc.

Unless it is absolutely necessary, your business should avoid storing and processing sensitive information altogether, or alternatively your business should erase data as soon as it is no longer required. For example, an airline needs to collect food preferences for in-flight meals. It is best to erase this information as soon as the flight has landed.


Rights of the individual

The purpose of GDPR is to strengthen the protection of the individual's right to personal data protection. All individuals have the right to get detailed and easy to understand information about how their personal data is stored and processed, and for what purpose. The individual also has the right to access their personal details at any time and to correct or delete them at any time.

What does this mean for your business?

An individual's request to access his or her information could be simple if it only concerned their personal details. Maybe they are stored in some kind of membership directory. But that is not all. An individual's information also includes the history of changes to that personal information, consents given previously to store and process that information, and any and all additional interactions your business ever had with that individual. It can get very complicated very fast, especially with several distributed systems where you store and maintain different sets of information and data.

The right to be forgotten

GDPR also defines a new right for every individual: the right to be forgotten. It empowers the individual, by simple means – not jumping through lots of hoops and calling around forever – to have ALL of their information permanently deleted. You can obviously still keep information that is required for you to fulfil obligations such as accounting or financial transactions to meet your reporting obligations. However, this part of the information that the business still keeps can only be used for that processing activity and no other purpose.

A lawful basis for collecting personal information

GDPR makes it very clear that you are required to have a lawful basis to collect and process personal information along with explicit user consent.
User consent should be a clear and affirmative action and not hidden in a long user agreement. Implied consent is no longer valid: no more pre-checked checkboxes to opt in to newsletters. Users must also have just as easy a way to withdraw consent as they had to give it in the first place.
The user consent must include, at the time it is obtained, a clear explanation of why your business seeks to store and process their personal information and for how long. An example of such consent is an easy to follow and understand web site membership agreement.
Your company should immediately identify what its lawful basis currently is to store and process personal information.

Important! Do not use email to process personal information!

In the past, e-mail has made it very easy to communicate with people. It is not enough under the new GDPR rules. All personal data you process via e-mail is affected by GDPR. Do not use email. If you need to collect and store personal data, you can use the Omnibasis cloud-based platform to do so in minutes.

Do not hide data breaches!

No one is immune to data breaches and hacker attacks. Any incident where personal data might end up in the wrong hands must be reported to the authorities within 72 hours after the breach has occurred. In most cases you must also notify all individuals whose data was leaked.

Delete personal information that is not used

An individual's personal data may only be collected, stored and processed with a valid consent. Providing an easy to use interface to manage, update and delete each individual's personal data can save your organization time and money. In addition, you will be compliant with the GDPR requirement to delete personal data once it is no longer needed for processing, since it is stored in one place via the Omnibasis cloud-based platform.
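As an added illustration (not code from the original post or from Omnibasis), the following Python model ties together the obligations described in the sections on the right to be forgotten, lawful basis and consent, subject access, and deleting unused data. It tracks, per data subject, what is held and for what purpose, whether consent was affirmative and is still in force, which records are under a legal hold (and therefore bound to their own purpose even after an erasure request), and which records have outlived their retention period. The data categories, retention periods, the `member-42` sample and the `T0`/`at()` clock helper are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed reference time for the sample data (the GDPR enforcement date).
T0 = datetime(2018, 5, 25, tzinfo=timezone.utc)


def at(hours: float = 0) -> datetime:
    """Clock helper: the point in time `hours` after T0."""
    return T0 + timedelta(hours=hours)


@dataclass
class DataItem:
    category: str             # e.g. "email", "meal_preference", "invoice"
    value: str
    purpose: str              # the processing purpose this item was collected for
    collected_at: datetime
    retain_for: timedelta     # how long the purpose actually needs the data
    legal_hold: bool = False  # must be kept to meet a legal/reporting obligation


@dataclass
class Consent:
    purpose: str
    granted_at: datetime
    affirmative: bool         # False = pre-checked box or implied consent (not valid)
    withdrawn_at: Optional[datetime] = None

    def is_valid(self, now: datetime) -> bool:
        return (self.affirmative and self.granted_at <= now
                and (self.withdrawn_at is None or now < self.withdrawn_at))


@dataclass
class Subject:
    subject_id: str
    items: list[DataItem]
    consents: dict[str, Consent]


def withdraw_consent(subject: Subject, purpose: str, now: datetime) -> None:
    """Withdrawal must be as easy as giving consent: one action, effective immediately."""
    consent = subject.consents[purpose]
    if consent.withdrawn_at is None:
        consent.withdrawn_at = now


def may_process(subject: Subject, item: DataItem, purpose: str, now: datetime) -> bool:
    """Legal-hold data is bound to its own purpose; anything else needs affirmative,
    unwithdrawn consent for the purpose it was collected for."""
    if item.legal_hold:
        return purpose == item.purpose
    consent = subject.consents.get(purpose)
    return item.purpose == purpose and consent is not None and consent.is_valid(now)


def purge_expired(subject: Subject, now: datetime) -> list[DataItem]:
    """Retention: drop items whose purpose no longer needs them (the landed-flight case)."""
    expired = [i for i in subject.items
               if not i.legal_hold and now >= i.collected_at + i.retain_for]
    subject.items = [i for i in subject.items if not any(i is e for e in expired)]
    return expired


def erase_subject(subject: Subject, now: datetime) -> tuple[list[DataItem], list[DataItem]]:
    """Right to be forgotten: delete everything except legal-hold records and
    withdraw every consent. Returns (deleted, retained)."""
    deleted = [i for i in subject.items if not i.legal_hold]
    retained = [i for i in subject.items if i.legal_hold]
    subject.items = retained
    for purpose in list(subject.consents):
        withdraw_consent(subject, purpose, now)
    return deleted, retained


def access_report(subject: Subject, now: datetime) -> dict:
    """Subject access: what is held, for what purpose, and the consent state behind it."""
    return {
        "subject_id": subject.subject_id,
        "data": [{"category": i.category, "purpose": i.purpose, "legal_hold": i.legal_hold}
                 for i in subject.items],
        "consents": [{"purpose": c.purpose, "valid": c.is_valid(now)}
                     for c in subject.consents.values()],
    }


def sample_subject() -> Subject:
    """Constructed sample: an airline member with a newsletter opt-in, an in-flight meal
    preference, an invoice under accounting retention, and a pre-checked partner box."""
    return Subject(
        "member-42",
        [
            DataItem("email", "member42@example.test", "newsletter", T0, timedelta(days=365)),
            DataItem("meal_preference", "vegetarian", "flight", T0, timedelta(hours=12)),
            DataItem("invoice", "INV-0001", "accounting", T0, timedelta(days=7 * 365), legal_hold=True),
        ],
        {
            "newsletter": Consent("newsletter", T0, affirmative=True),
            "flight": Consent("flight", T0, affirmative=True),
            "marketing_partners": Consent("marketing_partners", T0, affirmative=False),
        },
    )
```

Run through in order, `purge_expired` at thirteen hours removes only the meal preference, `withdraw_consent` immediately stops newsletter processing, and `erase_subject` leaves just the invoice, which `may_process` still allows for accounting and for nothing else. The pre-checked `marketing_partners` consent never authorizes anything because `affirmative` is false.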

Businesses small and large turn to Omnibasis to create and manage user directories, agreements and consents, and to keep a record of their personal data processing activities. Start your compliance journey at Omnibasis.com today.


About Omnibasis

Omnibasis is a business management solution to run your sales, marketing, commerce, and operations powered by Blockchain technology. Visit omnibasis.com to meet the operating system for your business.
