BLG BUSINESS VENTURE CLINIC
BLOG POSTS

Data Protection: GDPR

3/31/2019


 
General Data Protection Regulation – The Global Standard
What is it?
The General Data Protection Regulation (“GDPR”) is a regulation on consumer data protection and privacy for all individuals within the European Union (“EU”) that came into force on May 25, 2018. Although the Regulation was introduced by the EU, it can apply to any individual or corporation that processes “personal data,” regardless of their location.
The GDPR should be taken seriously, as it is designed to help consumers gain a greater level of control over their data while offering more transparency throughout the process.
 
Factors to think about to be GDPR Compliant
The GDPR is a lengthy and complex document that took over 4 years of negotiation to establish. Taking a general perspective, the basic factors that an individual or corporation should think about to be GDPR compliant are listed below:
  1. Consent: When collecting any “personal data,” the terms of consent must be clear, easily provided and freely withdrawn at any time by the consumer. Therefore, do not confuse the consumer with complex language, hidden consent forms or lengthy terms and conditions.
  2. Timely Notifications and Up-to-Date Information
    A- You must report a security breach to the customer and/or data controllers within 72 hours or potentially face issues.
    B- Be proactive and ensure that all data is up to date.
  3. Right to Access: To offer transparency, the corporation or individual must provide a detailed and free electronic copy of all the data collected when a consumer requests it. Furthermore, the GDPR states that the report must include any information regarding how the data will be used.
  4. Right to Deletion
    A- A consumer must have the right to request that the corporation or individual erase their personal data.
    B- Also, it is recommended to hold personal data as long as it is required and delete the rest.
  5. Portability: A consumer has the right to their own data and to transfer that same data for use in different situations outside of the one individual or corporation.
  6. Design with Privacy in Mind: The GDPR requires companies or individuals to design their systems with privacy and security in mind from the start. Data collection is important, and failing to protect that data will lead to potential problems.
  7. Data Protection Officer: Depending on the size of the company and how much data is being collected, a Data Protection Officer should be hired to ensure the appropriate handling of consumer data.
  8. Purpose is Important: Personal data should only be used for the specific purposes that you have declared to the consumer. Therefore, do not use the information that they have provided to send material that is clearly unrelated.
  9. Data Minimization: When designing with privacy in mind, one must ensure that they collect the minimal amount of personal data that is required to perform the relevant task.
  10. Secure the Data
    Take reasonable steps to ensure that the data collected is secure. Some examples are:
    • Do not store consumer data on a portable device;
    • Do not share login credentials; and
    • Encrypt and password protect the relevant files.
 
Consequences for Non-Compliance
There are two tiers of fines that can be used as penalties for non-compliance:
  1. Up to 10 million euros or 2% of annual global turnover (whichever is higher); or
  2. Up to 20 million euros or 4% of annual global turnover (whichever is higher).
These fines are discretionary rather than mandatory, based on specific breaches, and are imposed on a case-by-case basis.
The GDPR is an important piece of regulation that affects global corporations and individuals. When you intend to obtain “personal data,” keep in mind the factors above and ensure that your corporation is GDPR compliant to limit any further consequences.

Vikas Chadha is a member of the BLG Business Venture Clinic, and is a 2nd year student at the Faculty of Law, University of Calgary

    Blog posts are by students at the Business Venture Clinic. Student bios appear under each post.

 © 2019 University of Calgary. All rights reserved.