GDPR is an acronym that has been heard quite often lately.
But what is it and why does everyone talk about it?
The General Data Protection Regulation (GDPR) is a European regulation in force since May 2018. It deals with the processing of the personal data of individuals.
The lack of a common regulation for all the EU member states made it difficult for companies operating in multiple countries to manage the data of their customers and employees.
Since its implementation, the Regulation has taken precedence over all the territorial and national laws by unambiguously clarifying both data management methods and penalties for infringements of the law.
The regulation obliges companies and organizations that collect the personal data of EU citizens to increase data protection measures.
In this way, companies are obliged to protect personal data regardless of where their registered office and storage servers are located. If it fails to comply, the company will be fined up to 20 million euros or 4% of its global revenue (whichever is greater).
At the time of data collection, the company has to ask the individual for consent to collect and process the data. The company is also required to clarify the purpose for which the data is meant to be used.
What are Personal Data?
The data to which the Regulation refers is information concerning a real person, whether personal, professional or public. A name, an address, photos or posts on social pages can be considered personal data.
Data relating to legal persons such as companies, public bodies, corporations or organizations are excluded from this categorization, regardless of the definition of legal personality that is adopted by each individual state.
The Regulation also includes extensions listing and specifying categories that can be used to identify a person.
Personal data refers to all pieces of information which directly or indirectly identify an individual.
Personal data may be sensitive data (genetic, biometric or health status information) or data relating to criminal convictions or crimes.
It is necessary to specify that not all data relating to a person is considered personal data, but only data that can be used to establish his or her identity.
How to avoid the disclosure of data?
For companies, one of the most effective methods for avoiding the accidental disclosure of collected personal data is to destroy the media on which they are saved or written.
When printed documents, hard drives or personal computers containing personal data are no longer useful for the company, they cannot simply be thrown away. This would expose the company to possible data theft and therefore to heavy penalties.
It is necessary to be able to destroy both paper and electronic formats so that they can no longer be consulted.
Kobra’s paper shredders are specifically designed to help companies align with the GDPR. They are effectively able to destroy paper as well as electronic and optical media, thus avoiding any accidental data leakage.