The General Data Protection Regulation has 3 objectives:
The stake for concerned organization is to master the life cycle of their data (use and protection) and being able to transfer them to the concerned customer.
All organizations manipulating personal data of European citizens.
All data that can identify directly or indirectly a physical person
|Phone||IP address||Biometric data|
The GDPR will be applicable and enforced from May 25th 2018.
Financial sanctions could be as high as the maximum of €20,000,000 or 4% of global turnover. Also all data treatment unfit to the GDPR could be suspended, and data removed.
1st Principle – Purpose, why are we collecting these data
2nd Principle – Relevant, collect the minimum data needed for the process
3rd Principle – Storage, data life cycle
4th Principle – Rights, access right, change right, and transfer right
5th Principle – Safety, data protection