GDPR - SignTech's Paperless DPIA
Answering your Questions about the new General Data Protection Regulation
Now that we are in the new world of General Data Protection Regulation (GDPR) many organizations find themselves exposed to a raft of regulatory breaches and fines, and the scary part of it is that some do not even know it. The GDPR is meant for any company that deals with citizens of the European Union in anyway, so for example- if your company is a simple online store in Nigeria but some of your subscribers and customers are citizens of the E.U then that company is legally required to comply with the EU GDPR requirements. We’ll answer some important questions you probably have about GDPR.
What is GDPR?
The General Data Protection Regulation is an EU regulation that aims to harmonize the data protection regulations and strengthen data protection for all individuals in the European Union.
Why is it important?
When you think Data protection, think of Facebook’s recent scandal; we found out they were passing data on 87 million users without their permission. A data protection act in effect means that things like this will be less likely to happen if that company deals with any citizen of the European Union due to the heavy fines that will be imposed. Now companies will need your explicit permission to process your data, so under the GDPR your data is protected and you have more control of how who gets your information and what they can do with it.
Are you subject to these new GDPR regulations?
According to the atinternet.com glossary: GDPR applies to all entities based in an EU country that process personal data, as well as all entities worldwide that process personal data belonging to EU residents.
Therefore, no matter where your company is located, if you use digital analytics to measure the browsing and behaviours of end users (data subjects) who are based in the European Union, then the GDPR applies to you, and you are subject to GDPR requirements.
Public authorities and organizations that engage in large scale systematic monitoring or processing of sensitive personal data of EU citizens you will be required to appoint a Data Protection Officer (DPO)
What are the consequences for non-compliance?
General Data Protection Regulation is aimed at curbing giant companies that may take advantage of their customers database without permission but the unfortunate thing is that small businesses might get caught in the crosshairs. If you’re in charge of a business and any of your customers/users/people whose data you might collect, are members of the E.U then you are required to put this GDPR into effect. If you don’t, the consequences are very dire and could cripple you financially, as the gdpr fine is no small change especially if you’re a small/medium sized business. Fines could be as much as €20 Million or 4% of the company’s global turnover - whichever is the higher.
“If a firm infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement, as opposed to being separately penalized for each provision.
However, the above may not offer much relief considering the amount of fines possible:
Lower level:
Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:
Controllers and processors under Articles 8, 11, 25-39, 42, 43
Certification body under Articles 42, 43
Monitoring body under Article 41(4)
Upper level: Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:
The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9
The data subjects’ rights under Articles 12-22
The transfer of personal data to a recipient in a third country or an international organisation under Articles 44-49
Any obligations pursuant to Member State law adopted under Chapter IX
Any non-compliance with an order by a supervisory authority (83.6)”
Source: gdpreu.org
So now you’ve been caught up, where do you start as a business?
SignTech has got you covered. To help organizations get around this SignTech Forms is offering a free Paperless Light Data Protection Impact Assessment (DPIA) form to assess any risks and exposure you may have as a result of GDPR.
Simply click on this link, complete the very simple form and we will provide you with a summary report of your position and exposure with regard to GDPR as well as recommendations to help you avoid a nasty surprise from the regulators.
More information can be found on - Link to page.
SignTech Forms is an innovative paperless platform that converts existing forms and documents into paperless forms that can be completed on mobile devices and electronically signed seamlessly (with full data integration). For more information visit www.signtechforms.com or email expert@signtechforms.com.