The dangers of the new privacy regulations: How to protect yourself?

News
06 April 2017

 

On May 25, 2018, the new European privacy regulation, the General Data Protection Regulation (GDPR), enters into force. The purpose of the GDPR is to better protect the data of European citizens. The new regulation arose from the 'Data Protection Directive' of 1995. There was much confusion about this directive, and new developments such as the cloud escaped the reach of this law.

The new regulations apply to companies in possession of personal data, and that turns out to be a broad notion. It includes ‘any information about an identifiable individual’, which is not just a name, address, photograph and date of birth, but also account numbers, telephone numbers, or even an IP address. All of that information can lead back to a physical person and therefore also falls under the GDPR.

When in doubt, it is best to assume that you are dealing with personal data. Fines for violations can amount to up to 4% of your annual global sales ... As a self-employed worker, you cannot escape this regulation either. The fines could run up to 20 million euros.

The regulations emphasise, among other things:

  • Transparency: communicate clearly about how you collect and process data.
  • Data transfer: it should be possible, without any problem, to transfer personal data to another service at the request of the person concerned.
  • The right to be forgotten: personal data must be deleted upon request, including data held by third parties.
  • Notification requirement in case of data breaches: if you become a victim of a data leak, you must report it within 72 hours to the Belgian Privacy Commission and, in severe cases, also to the affected individuals.

How do you become GDPR compliant?

Phase 1: make an inventory of what data you have and where they are located.
Phase 2: elaborate procedures on how to protect and process personal data.

This is not a simple task; it is therefore appropriate to appoint a representative. Such a Data Protection Officer (DPO) is mandatory in some companies. The company's activities are a decisive factor: all organisations in the public sector and organisations that process personal data from a ‘special category’ (religious or health data, political affiliations ...) are obliged to appoint a DPO.

Placing your data in the cloud is not a wild card for escaping your responsibilities. Cloud providers, too, must comply with the regulations in the context of transparency concerning data storage. If you store your data in a public cloud environment, the cloud provider cannot guarantee the physical location of that data. In this case, you do not comply with the privacy regulations. In a private cloud environment, the cloud provider itself has control over the storage location. Yet you and your company, not the cloud provider, always remain responsible for the processing of your data and compliance with the law.

It should be clear that this directive has a great impact on your organisation. Not only do you need to identify and catalogue the available data (requires manpower), but you should also secure and protect them at a maximum level (requires IT investment), and in case of a data leak a whole series of administrative and legal obligations arise (requires a crisis plan with use of specialists).

You have taken all precautions to become GDPR-compliant, but things still go wrong?

Are you the victim of ransomware or have your clients’ data been hacked? Then our IT Care policy takes action.

Speed is extremely important. IT Care primarily offers assistance in an incident or a breach. If you have detected either one of these, dial the emergency number, which is accessible 24/7. IT specialists guide you through the various steps in the first 48 hours so that you are able to return to work. You will also receive support from specialist lawyers on the various steps and requirements regarding the reporting process. They work systematically: where do you have to report the leak? How do you inform the people concerned? Meanwhile, IT specialists will examine the location of the problem, remove the cause, ensure that the leak is closed and, if necessary, reconstruct the data... IT Care is able to provide global assistance; after all, a claim follows the jurisdiction of the country where a person submits it. Not only do we reimburse all costs incurred; compensation for liability claims and fines is also part of the cover.

In addition to the dangers of the new privacy regulations, ICT Care also covers other cyber and ICT-related risks. More information? Ask about our ICT Care folder or contact Door Cooreman.

Our advice: let specialists assist you to deal with the risk of privacy and ICT incidents.

 
