The GDPR, acronym for General Data Protection Regulation, is the EU regulation n. 2016/679 on privacy and the Right to be Forgotten. Keep reading this guide and find out what it is, what it means, what to do and what changes for your online reputation.
- The GDPR in a nutshell
- What is the GDPR
- When did the GDPR come into force?
- What does GDPR mean?
- GDPR: what do you need to do to comply?
- What changes has the GDPR brought?
Need help protecting your online privacy?
ReputationUP guarantees the elimination of any private and personal information (name, number, address, photo, video) from any Internet platform
The GDPR in a nutshell
The GDPR in summary consists of 99 articles which provide you the following:
- Information: you will have the right to get clearer information to personal data processing.
- Right to be forgotten: you may request the removal of information from Google. Thanks to the GDPR, you can contact a qualified professional to remove them, since Google has a very long processing time.
- Limits to automated processing: Limits to automatic disclosure of data and information without your consent are set.
- Data transfer: the criteria for data transfer are established, allowing both sharing and also providing for the extension of the rules to companies based outside the EU, if they refer to subjects present in Europe.
- Sanctions: in case of infringement of the directives, the sanctions can be up to 20 million or 4% of the annual turnover of the company.
What is the GDPR
Your personal data, financial information and preferences like the purchase you make, websites you visit or a particular product you select are now exposed to the media and may be subject to inappropriate and unauthorized use.
A matter that concerns you not only as an individual, but also as a professional or entrepreneur.
It is in this perspective that the EU GDPR Regulation No. 2016/679 governs privacy and the right to be forgotten.
Do you want to remove outdated news from the web?
ReputationUP guarantees the elimination of any obsolete news (links, photos, videos, comments, content, reviews) from any platform
The GDPR brings together a set of rules enacted within the Union in order to ensure an:
“Uniform directive with regard to the data processing and the right to be in full possession of the information concerning you”.
It is a regulation, which means that it is in force for all Countries of the European Union and must be adopted by the member countries, which will be obliged to transpose EU rules into their national legislation in case of conflict of law.
For instance, the Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
When did the GDPR come into force?
The regulation entered into force on May 24 2016 and applied starting May 25th, 2018.
Today, everything related to data, information and privacy must comply with the GDPR, that is to say in compliance with the regulation.
What does GDPR mean?
The term GDPR is an acronym that indicates the General Data Protection Regulation.
What protection of personal data means
Personal data is considered to be all the information which directly and indirectly qualifies you as a natural person, owner of an activity or its direct representative, and which may concern different spheres of your social life and work.
The most relevant personal data include:
- Name and surname;
- ID number;
- Data held by a hospital.
There are also personal data that cannot be processed and disclosed in any way.
Among these we consider:
- Ethnicity and race;
- Sexual orientation;
- Political opinions;
- Religious convictions;
- Data relating to particular health conditions;
- Data relating to criminal convictions and offenses.
Google can often contain defamatory links related to you or the business you run.
Reports to the search engine are not very effective, as they require very long response times.
This is why more and more people are turning to ReputationUP to remove a link from Google within the legal framework of the GDPR.
Don’t like what Google says about you?
ReputationUP guarantees the elimination of any negative link (photos, videos, comments, content, reviews) from Google
Who processes personal data on behalf of the controller?
Article 4 of the GDPR (download the PDF) identifies who is in charge of data processing.
On the one hand, the data controller can be a natural or legal person, an agency, a company or a public authority to which that information refers.
On the other hand, the data processor is a natural or legal person, public authority, agency or other body which processes data on behalf of the data controller.
Let’s take a concrete example.
Imagine that your company produces packaging machinery and that you entrust the payment of payrolls to a specialized external company, indicating the amounts and dates on which they must be made.
In this case your company owns the data while the external company is responsible for the data.
What does data breach mean?
The data breach is a security incident – concerning your direct and indirect data – which occurs accidentally or due to an unlawful processing in which your data are disclosed, destroyed, modified or lost by an individual unauthorized to do so.
The breach can compromise your privacy and your personal data protection rights.
Causes can be divided into three macro-categories:
- Access by unauthorized parties
- Theft of devices containing your data
- Malware and virus attacks.
Who is the data protection officer?
The data protection officer is a technical consultant who deals with risk management related to your personal data.
This role is now mandatory for all public bodies and companies whose activities involve the use of personal data.
The subject can be an integral part of the organisation, if the person has the required skills or among external professionals specialized in the IT sector.
The DPO deals with:
- Consultancy: providing advice to your business and informing you about the current legislation on the right to privacy and the right to be forgotten.
- System analysis: carrying out careful risk control and analysis on your IT systems.
- Implementation of preventive measures: by drafting a specific document listing the measures to be implemented and their planning.
- Action: taking steps to counter a threat or data breach and issuing a report to the competent authorities.
GDPR: what do you need to do to comply?
Let’s see in detail what are the five things you must do in practice to stay compliant:
- Download the text of the law;
- Collect all your company data and information;
- Check which ones are used;
- Provide the users with the possibility of having “full access to their data, the right to data portability and the right to be forgotten”:
- Identify the roles defined by the regulation for the protection of privacy.
Who must do it?
Compliance is mandatory for those who:
- Established a company, firm or entity after May 25, 2018;
- Carry out an activity within the European Community which involves the data processing;
- Carry out an activity outside the European Community but process data of EU citizens.
Who must comply with it?
In the event that your company was established before May 25, 2018, you will need to adapt your systems to meet the required parameters.
How to comply with it?
The regulatory compliance must take place in different sectors, from internal organization to the actions to be taken, from the use of secure IT systems to the identification of roles.
First, you will need to inform your customers about the tools for data collection and specify their use.
It is necessary to obtain the consent in a clear and precise way and to create a register of treatments including all changes made by the data owner and by the managers.
Furthermore, it will be necessary to appoint a data protection officer and to evaluate precisely the needed steps to allow compliance to the new regulation.
Who must comply?
You must comply with GDPR if you are a natural person, as a doctor or a professional, in case you use data from third parties for business purposes.
Are there any exceptions or exemptions?
Data Protection Regulation does not apply in case:
- the subject is a deceased person;
- the interested party is a legal person;
- the use of the data is carried out by a person with no connection to a commercial, business or professional purpose.
What changes has the GDPR brought?
The introduction of the GDPR was a valid response to this information age with evermore digitalization. It marks a step forward to change the way of protecting personal data and consider their processing.
In particular, important action was taken to tackle problems that could arise, especially in the event that the user is faced with the need to repair online reputation .
Today, thanks to the new rules, you are entitled to:
- Receive an explicit consent to the data processing;
- Be informed on how your data is being used;
- Request and obtain the cancellation.
If your objective is to remove from Google that you consider negative or harmful to your online image, contact ReputationUP now and find out how to protect your reputation from haters and fake news.
Do you want to delete personal and private information from the web?
ReputationUP guarantees the elimination of any personal and private information from any Web platform
It is the regulation by which the European Parliament, the Council of the European Union, and the European Commission protect the data for all the people within the EU.
Regardless of its nationality, any company will have to comply with the regulation if it stores data of citizens of the European Union.
It may affect the handling of personal data within the EU, data transfer procedures, and lead capture processes and documentation.
Personal data includes personally identifiable information, such as names, telephone numbers, IP addresses, and email addresses.
Therefore, the more types of data processed, the greater the risk.
Breaching the GDPR can include fines of up to €20 million.
The law of the GDPR has been applicable since 2018 in all EU countries.
There are eight rights granted to citizens:
1. Right to be informed: allows people to be informed of the use of their personal data;
2. Right of access: allows individuals to access their personal data to verify compliance with the GDPR;
3. Right to rectification: the law allows anyone to correct inaccurate or incomplete information;
4. Right of deletion: better known as the right to be forgotten, which allows a person to request the deletion of their personal data;
5. Right of limitation and treatment: it is the restriction of the processing of personal data, that is, problems with the shared information;
6. Right to data portability: consists of the right to transfer personal data or reuse it for its purpose;
7. Right of opposition: it consists of withdrawing the consent and does not carry out any processing that is not for legitimate purposes;
8. Rights related to automated decision-making, including profiling: It safeguards against a harmful decision that could be made without human intervention.
The GDPR applies to any organization that works within the EU and those not within the EU community but has clients or companies from the EU.
As we have mentioned, the law applies to large or small companies or organizations that operate within the EU; if they are not physically located in the EU, they must comply with the GDPR if they have clients within this community.
Do you want to exercise your right to be forgotten?
ReputationUP eliminates any obsolete content (links, photos, videos, comments, content, reviews) and guarantees your right to be forgotten and digital privacy