The GDPR is the EU General Data Protection Regulation. It replaced the Data Protection Directive 95/46/EC. The GDPR applies to the processing of personal data by controllers and processors established in the EU. It also applies to controllers and processors that are not established in the EU if they offer goods or services to individuals in the EU, or monitor the behaviour of individuals in the EU; the test is where the data subject is, not whether the person holds EU citizenship.
The GDPR was created to give individuals in the EU a single, enforceable set of data protection rights, to harmonize data privacy law across the member states, and to make sure those rights are backed by proper management and real penalties.
Changes include:
Penalties of up to 4 percent of annual global turnover or 20 million Euros, whichever is greater, for the most serious infringements;
Stronger consent conditions: consent requests must be presented in clear, plain language and be as easy to understand as they are to find;
Withdrawing consent must be as easy as giving it;
Mandatory breach notification to the supervisory authority within 72 hours of becoming aware of a personal data breach, and to the affected individuals when the breach is likely to result in a high risk to them;
The right to access information regarding your personal data, including whether it is being processed, where it is being processed and why it is being processed;
The right to erasure (the "right to be forgotten");
The right to data portability, meaning the right to receive the personal data concerning you in a structured, commonly used, machine-readable format; and
Several more rights, including rectification, restriction of processing, and objection to processing.
In addition to keeping data under lock and key while it is still in use, once the data is no longer needed you must dispose of it in a way that keeps it confidential. Shredding old documents with a cross-cut shredder, mixing the shreds with other companies' documents, and only then sending them to a recycling plant ensures that the documents cannot be reassembled.
You may be wondering why a shredding company in the United States is concerned about data privacy regulations in the EU. The GDPR applies to US companies that collect data from anyone in the EU. The regulation protects the personal data of individuals in the EU, including personal data that a US company collects from them.
If you are wondering who the GDPR applies to, the answer is any US company that collects personal data from individuals in the EU. That company is subject to the GDPR even if it has no offices in the EU.
The GDPR went into effect on May 25, 2018, and US companies within its scope have been required to comply since then. There is no mandatory GDPR compliance certification; certification schemes under Article 42 are voluntary, so treat any vendor promising a required "certificate" with caution. To ensure you are compliant, follow this checklist:
Establish a lawful basis before storing or processing a customer's personal data. Consent is one such basis, but not the only one; where you rely on consent, obtain it before processing and record it;
Appoint a data protection officer where the GDPR requires one (for example, if your core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data), and consider appointing one in any case to keep your company in compliance;
Carry out a data protection impact assessment before starting any processing that is likely to result in a high risk to individuals, such as large-scale processing of sensitive data or systematic monitoring. This is a per-project exercise, not a one-time task;
Notify the relevant supervisory authority of a personal data breach within 72 hours of becoming aware of it, and notify the affected individuals when the breach is likely to result in a high risk to them; and
If someone requests that their data be erased, comply unless a legal ground for retaining it applies (for example, a legal obligation to keep the records), and document the decision either way.
If your business sells goods or services to individuals in the EU, or otherwise collects personal data from them, you are bound by the GDPR. Contact Carolina Shred to set up a shredding schedule for any documents that you no longer need to keep but must keep confidential.