On the 25th of may the “General Data Protection Regulation”, also known as “UE 2016/679 Regulation” or “GDPR” has become effective.
The text of the regulation has been published by the European Official Journal on the 4th of may 2016, and has entered into force on the 25th of may of the same year. The subsequent two years of time were given in order for companies to acknowledge the content of the regulation and undertake a gradual act of compliance due by the 25th of may 2018.
The regulation is composed of a premise and 99 articles subdivided into 11 sections.
Why a new regulation?
The main objective of the regulation is to safeguard the individual by protecting their personal data. Therefore the one true subject to be protected is data associated to people.
The evolution of information technology in the latest years permitted the creation of an inter-connected world through the Internet, and the possibility to exchange massive amounts of information. Today data about people has, in certain cases, become a “commercial product” aimed at commercial campaigns.
The new regulation is an Initiative of the European Parliament which puts itself next to the already existing laws in order to sensibilize companies by introducing new innovative concepts regarding the Responsibility concept.
It’s important to keep in mind that a European regulation is a legislative act promoted by the European Union and becomes law immediately in every Member State. In other words, a European Union Member State cannot decide to not comply.
Many articles start by citing the sanctions that the companies might go towards in case of non-fulfilment, like 4% of total annual earnings or 20 million Euros. It’s important to understand the essence of the new regulation and not to just adapt to it in order to not get fined.
What does privacy have to do with this?
The word “Privacy” might not be mentioned in the 99 articles of the new regulation.
It’s also true, though, that the term “privacy” has been used significantly more in the latest years and it’s the concept most frequently associated with the GDPR.
It’s important to remember that the GDPR is a regulation aimed at protecting personal data and regulate its use.
“Privacy” is the right for which every individual has to decide which information of its personal sphere wants to make known to others
When a person communicates their food intolerances or their religious belief to the company in which they work, there is no privacy violation if this information is used to decide which ingredients will be used in the workplace canteen.
The important part is that the person has to give their agreement after being informed on the motivation for which the company has asked for that information.
Obviously, if one’s religious belief would then be used by the HR office to make discriminatory choices, there would be a breach to the GDPR.
Often people tend to associate the word privacy to the GDPR because, in fact, a person will have a better guarantee of not being discriminated, of not being contacted for promotional purposes and of not having to remember when and why they gave their consent.
Which are the new European Regulation Keywords?
- European Regulation
- 25th May 2018
- Privacy By Design
- Privacy by default
- Data Treatment
- Treatment Registry
- Personal Data
One of the fundamental aspects of the regulation is the obligation for education and sensibilization of the workers responsible for data processing, as established by the art. 39 “Tasks of the data protection officer”.
From these topics stems Aglea’s idea to create an e-learning education course on the GDPR thematic.
- E-learning modality but available on already existing platforms (Scorm)
- The course contains exercises and tests aimed at verify the correct learning by the employees
- The total duration of the GDPR education course is 2 hours (divided in six lessons)
Which are the pillars of the GDPR education course?
The content of the course is made up of six main pillars, here is the program:
- Genesis of the regulation and its relationship with the 2003 legislation 196
- The rights that each individual has acquired with the new regulation
- New concepts that made the GDPR an innovative regulation
- The importance of the main individuals involved in the organization of data processing
- How to think in terms of lawfulness, finality, register of processing and risk management
- The logics of data protection and how to act in case of violations.
Watch the course preview here (Italian language):
Do you want to publish the course on your e-learning platform? Contact us
Blog post originally translated from