These 5 New Additions Will Change The GDPR Law

When big companies misuse data for personal gain, laws need to exist to protect the public.

A popular example was the case of Cambridge Analytica. They are a political marketing firm that admitted to using personal data of Facebook users without permission. This case gained worldwide recognition and caused governments to support the General Data Protection Regulation law.

On August 13th 2018, the GDPR law was in effect to protect the public from personal data leaks, including names, physical addresses, and emails.

The purpose of GDPR is to create regulations for the use, protection, and transfer of personal data in the private and public domain. In August 2020, the General Data Protection Regulation will include some new additions to improve the protection of personal data. 

1. Data Security

Companies should ensure the security of personal data and report security incidents to the regulator. Depending on the incident, the company should inform the users. They should also provide the users with an explanation about the processing of their data.

Technology will be critical to organizations because the new law brings privacy management challenges. Some challenges include consent management, the management of petitioners, and the implementation of anonymization techniques.

Another change involves the processing of personal data of children and teenagers, such as obtaining consent from parents.

Furthermore, companies should prepare a personal data protection impact report. This report will contain a description of the types of collected data, its basis and the methodology used for collection, to ensure the security of information.

2. The Creation of a Data Protection Officer

Companies are also responsible for appointing their data protection officer, whose main activity will be to monitor and disseminate best practices regarding data protection. According to the law, it is a professional with technical autonomy and legal knowledge of the regulation.

3. The Creation of the National Data Protection Authority

The National Data Protection Authority serves to establish technical standards, evaluate foreign clauses and jurisdictions, and the supervision and enforcement of sanctions. They also serve to determine the preparation of corporate impact reports and the principles of personal data protection.

4. The Consent Form

In the new regulation, consent must be free, informed and expressing the client’s agreement to the processing of his or her personal data for a particular purpose. Generic authorizations are not allowed. 

5. The Destination of Collected Data

The company may collect and use the data for the purposes of campaigns, promotions, and advertising if the data’s use is very clear to the user to give approval. In other words, the company will not be able to tell the user that the data will be used for one purpose while it is used for other purposes.

The Business Benefit of GDPR

Despite the increased regulations, the law can bring benefits to organizations that decide to implement adaptations in a timely manner. As a result, it will provide them a competitive edge in the market as more people prefer GDPR-compliant organizations. 

So, businesses must be vigilant in protecting and handling collected information to ensure security throughout the data lifecycle.