Confidentiality of personal data – an up to date topic
Today we are talking about the confidentiality of personal data. Why? Because today, January 28th, is Confidentiality Data Day.
Name, surname, phone number, address, social security number, religious or sexual orientation – all are sensitive personal data. Previously, they could have been in anyone’s possession, in any database. The data was primarily used for advertising purposes, but not only.
Under EU Regulation 679/2016, known as the General Data Protection Regulation (GDPR), this will no longer be possible. Protection of personal data is a fundamental right.
European Union law clearly states that a person must consent to the processing of such data. Furthermore, a person may subsequently ask for their deletion or modification. The provided data should only be used for the initial purpose.
All companies that process personal data need to adapt to this regulation. Those who deal with a large amount of data of this kind (public entities or firms that process large-scale personal data – telephone, internet, insurance, etc.) must appoint a person responsible for personal data protection (a DPO, from “data protection officer”), from inside or outside the company. In this case, security needs to be increased, because fines in the case of “leakage of information” are frightening – 4% of the turnover or up to 20 million euro.
Where do we find details?
The full regulation can also be found on the website of the European Commission and basically does not change what we already knew. After its adoption, control will be stricter and the fines cannot be avoided. In addition, those who have given their consent to data processing will be able to withdraw it without cumbersome procedures.
Also, the privacy policy must be displayed in a visible place both on websites and in physical units, so that it can be consulted at any time. Consent must not be conditioned in any way, for example by making the rendering of a service dependent on the acceptance of data processing.
This site is no exception either. The Privacy Policy can be consulted here.
Theoretically, after this regulation is implemented, consumers will receive less spam. They will be able to request removal from databases and so receive fewer unsolicited emails with information irrelevant to them. Practically, there is a need for education in this sense and probably a few examples of frightening fines.
The privacy of this personal data is a topical but very sensitive issue. Errors are not allowed, because once these data have reached the wrong hands, they may be used for illegal purposes.
The Securitypapers team thanks you!