Breakfast Seminar with Mannheimer Swartling
On May 10, SACCNY invited members and friends to an interactive and informative breakfast seminar with the law firm Mannheimer Swartling. SACCNY board member, Maria Tufvesson Shuck, and IT & Technology experts, Caroline Hansson and Liisa Rajala Malmgren, kindly hosted the event at their Park Avenue office. During the seminar, the experts shared useful insights and important information regarding the new EU regulation on personal data, GDPR. Did you miss the event? Don’t worry—we have summarized the key takeaways for you!
“We have 15 more days to go before the General Data Protection Regulation (GDPR) enters into force. Are you prepared?”
What is the GDPR?
The GDPR (General Data Protection Regulation) is a law aimed at protecting and empowering the data privacy of all EU citizens. Consequently, it also reshapes the way organizations approach data privacy. The GDPR was adopted by the EU and will be enforced on May 25, 2018.
What are the cornerstones of the GDPR?
The GDPR requires organizations to have a lawful basis for each objective in the data processing mechanism. Additionally, transparency is essential; institutions are obliged to define and disclose the purpose of each step of the data collecting process, as well as to inform individuals about the nature of the procedure. Moreover, data minimization means that organizations should collect and process only the data necessary to accomplish their pre-defined purpose, and store it only for as long as necessary. Last, the security of personal data is key.
When does the GDPR apply?
The GDPR applies to all entities established in the EU as well as to companies and organizations that target their goods and/or services to individuals located in the EU. Furthermore, it applies to entities that monitor individuals’ behavior to the extent such behavior takes place within the EU.
What should you do to be compliant with the GDPR?
First, map your organization’s personal data processing: define what kind of data you are processing and establish why it is important; assert your right to collect and use such personal data; determine for how long the data needs to be processed and affirm that the data is kept secure. Second, verify that the data collecting process is transparent by informing individuals about the necessary steps and their respective purpose. Last, documentation is key, so make sure to keep an internal record of the data processing.
On a positive note
The GDPR does not prohibit the collection of personal data; rather, it protects individuals by certifying the purpose and nature of the data processing and keeping them informed throughout the process. Additionally, the new regulation gives you the opportunity to do an inventory of your data and put more efficient work processes in place.