GDPR Compliance

 

The General Data Protection Regulation (GDPR) took effect on May 25, 2018. Many are wondering what GDPR is and how it will impact them. GDPR has been designed to provide individuals with greater control over how their personal data is collected, stored, transferred, and used, while also simplifying the regulatory environment across the European Union (EU). This new regulation impacts both organizations that conduct business in the EU and businesses that maintain or process EU personal data. Bahakel & Associates, LLC recognizes the importance of the evolving legal and regulatory landscape around information security and data privacy and remains firmly committed to GDPR readiness by no later than the effective date.

Some key GDPR principles to consider in implementation include:

  • Limited Use: Personal data may only be collected for specific, explicit, or legitimate purposes.
  • Storage Limitation: Subject to relevant exceptions, maintain personal data only for as long as is deemed necessary and reasonable.
  • Integrity: Secure and safeguard personal data using appropriate technical and organizational security measures.
  • Lawfulness: Organizations must, among other things, ensure they have a legal basis for processing personal data, and process that data in a fair and transparent manner.
  • Accuracy: Personal data must be accurate and up to date.
  • Data Minimization: Only collect data that is relevant and necessary for its intended use.