We have arrived at the last of our series of 10 articles about the GDPR. However, this does not mean it is in any way less important. We would like to give you some complementary tips about the implications of the GDPR on an organizational, legal and technical level.
One article of the GDPR in particular addresses this issue and might cover a lot of the application in those areas. Article 32 of the GDPR belongs to the group of rules that deal with the obligations of data handlers and, more specifically, with the security of data processing. The article states that an organization’s data controller and data processor are responsible for making sure that anyone who might have access to personal data can only process and use this data in accordance with the GDPR.
While many of the GDPR requirements focus on the processes and procedures for acquiring, using and handling personal data in a ‘correct way’, it is of utmost importance to pay attention to the cybersecurity of the data. If this is not taken into consideration, you might end up with a very difficult situation to explain should anything go wrong, whether as the result of human error, system failure, insufficient maintenance or a confidentiality issue. You need to be able to prove that the data you used, and how you used it, complies with the GDPR rules.
To make sure you have all your affairs in order, it might be best to take the time to ask for information about how the GDPR applies in your company. This information can be provided by the Data Protection Officer (DPO). These are independent consultants who can help you figure out how to approach the GDPR in the most efficient way. A DPO is an independent, neutral entity who does not fall under the hierarchy within your company. The DPO’s job consists of helping people adjust to the GDPR in the most efficient and effective way. This is done on a tailored basis: for each company, they look for the approach that best suits that particular company. Hiring a DPO is a good way to ensure compliance within your company.
We hope that these articles gave you some insight into how the GDPR works and how you and your company can implement it correctly.
Do you want to get more information about GDPR? Read the previous articles.
GDPR Series – Episode 1 : What is GDPR?
GDPR Series – Episode 2 : What are the basic principles of GDPR?
GDPR Series – Episode 3 : What are the 6 possible legal bases?
GDPR Series – Episode 4 : What is the material and territorial application of GDPR?
GDPR Series – Episode 5 : How is sensitive data protected by GDPR?
GDPR Series – Episode 6 : How is consent applied in GDPR?
GDPR Series – Episode 7 : What are the risks if GDPR is not respected?
GDPR Series – Episode 8 : What are the rights of data subjects in GDPR?
GDPR Series – Episode 9 : What about the data treatment’s responsible?