GDPR = Higher IT Security Requirements
Incidents which must be reported
The law is not just about direct rights for the user. Anyone who processes personal data must also ensure good security to protect it, and when data breaches occur, they must be reported. Security shortcomings can thus be very costly, which raises the requirements for general IT security.
A comprehensive new law
The new law is comprehensive and covers everything from how the collection of personal data should be presented in a clear way to individuals to how to protect the personal data on a technical level. The law establishes a number of rights for the registered person, i.e. the user whose information is being collected. Here are some of the main points:
- Services similar to social media must acquire a guardian’s approval for individuals under 16 years of age.
- Users must be able to get their collected information presented to them in a structured, standardized, and easy-to-understand manner.
- Organizations must handle incoming requests regarding these individual rights within one month.
- Users must be able to obtain information about what information has been collected on them, what the purpose of the collection is, which entities have access to the information, how long the information is to be stored, and any other rights the user has.
- Users have the right to have their personal data deleted when the storage period expires or if the registrant no longer approves of the information collection/storage.
- Users have the right to oppose or to determine restrictions related to the collection or processing of personal data. For example, they may decline to allow the information to be used for direct marketing purposes.
- Finally, users have the right to demand that any incorrect information be corrected.