The European Union’s General Data Protection Regulation (EU-GDPR) is a sweeping overhaul of data privacy laws that will go into effect in May 2018. It’s the biggest overhaul of data privacy laws in decades, and it will have a significant impact on the way organizations collect and process personal data.
It’s a great time to be a data privacy professional. With the growing importance of data and the increasing demand for data security expertise, there has never been a better time to get into the field of data privacy.
Here’s everything you need to know about the new data security laws, including the Canadian Personal Data Protection and Electronic Documents Act, also called the Personal Information Protection and Electronic Documents Act or, colloquially, the PIPED Act.
What is the new data security law?
The new data security law is the General Data Protection Regulation (GDPR), which will go into effect in May 2018. It’s the biggest overhaul of data privacy laws in decades, and it will have a significant impact on the way organizations collect and process personal data.
The GDPR specifically refers to an individual’s “personal data,” which is any information that relates to an identifiable person who can be directly or indirectly identified by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. The GDPR defines “processing” as any operation or set of operations that is performed upon personal data. This includes collecting; storing; organizing; structuring; modifying; retrieving; using; disclosing by transmission; disseminating by making available online for access by third parties; alignment with other databases or datasets for statistical purposes; combined processing with other personal data for which there are grounds for believing that they can be combined lawfully; and use for historical preservation purposes.
Individuals will have certain rights under the GDPR including:
1. Right of access
2. Right of rectification
3. Right to erasure (right to be forgotten)
4. Right to restrict processing
5. Right not to be subject to automated decision making and profiling
What does the new law do?
The new law gives more power to the customer. The new regulation includes a “right to be forgotten”, meaning customers can demand their data be deleted from an organization. The law also makes it easier for organizations to request customer consent for processing personal data, and makes it easier to withdraw that consent at any time.
When does the law go into effect?
The General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018, which is when organizations that have collected or processed data from people residing in the European Union (EU) will have to comply with its provisions.
The legal framework of the PIPED Act
The Canadian Personal Data Protection and Electronic Documents Act is a law that ensures the protection of personal data. The PIPED Act regulates how organizations collect, use, disclose, and dispose of personal data. It also sets out the rules for individuals to protect their own personal information.
Organizations are required to follow these laws when they’re collecting or using personal data. This includes any “organization” that collects or uses personal information in the course of commercial activity. In short, this covers almost all companies in Canada – not just those with a physical presence here.
If you’re an organization that has customers in Canada but doesn’t have a physical presence here, then you need to comply with the PIPED Act if your customer is from Canada. If you don’t comply with the PIPED Act, it could lead to fines of up to $25 million for an individual and up to $100 million for a company if convicted under the act.
Key takeaways about the CCPA
The CCPA is a set of federal rules that applies to any organization that collects, uses, and discloses personal information in the course of commercial activities. It’s designed to protect the privacy of your personal data by regulating how it’s collected and used.
Here are some key takeaways about the CCPA:
The law doesn’t apply to federally-regulated industries like banking or telecommunications.
You can ask an organization for any personal information they have on you.
It gives you more control over your personal information.
Organizations need a written notice before collecting, using, or disclosing your personal information (except in certain circumstances).