Our commitment to help you with data protection and compliance
B2L enables GDPR support for all customers worldwide
B2L ensures conformance to global regulations and industry practices in order to maintain privacy and security of its customer’s data. All our products provide GDPR-ready capabilities to help our customers meet their compliance obligations 2018.
B2L commitment to the GDPR
Incorporate security by design in products, to protect personal data
Ensure fair and transparent processing of customer data
Streamline processes to help customers meet compliance obligations
Committed to protecting our customers personal data, B2L is here to help our customers understand significance of the GDPR, its requirements and our allegiance to align with global standards.
7 Key Principles of the GDPR
The GDPR encourages businesses to be responsible about an individual's data. By ensuring protection and privacy of this data, businesses earn customer trust and they are likely to engage better with the business. GDPR provides a framework for businesses to standardize and regularize real-world security and privacy needs of an individual's data used for business purposes. The key principles which the GDPR requires businesses to operate on are:
1. Lawful, fair and transparent processing: Emphasizes transparency for all individuals i.e. when data is collected, businesses must be clear as to why data is being collected and what will it be used for.
2. Purpose limitation: Collect data, only for the purpose you need it for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.
3. Data minimization: Ensure data captured is adequate, relevant and limited. Based on this principle, organizations must ensure they store minimum amount of data required for their purpose.
4. Accurate and up-to-date processing: Data controllers must ensure information remains accurate, valid and fit for purpose. To comply, organizations must institute processes and policies to address how they maintain data they are processing and storing it.
5. Limitation of storage in a form that permits identification: Have control over storage and movement of data within the organization. This includes implementing and enforcing data retention policies, and preventing unauthorized movement and storage of data.
6. Confidential and secure: An organization collecting and processing data is solely responsible for implementing appropriate security measures to protect the individuals data.
7. Accountability and liability: Organizations must be able to demonstrate adoption of necessary steps to protect an individual’s personal data, and be able to pull up every step within the GDPR strategy as evidence.
Frequently Asked Questions
- Data subject- A natural person residing in the EU who is the subject of the data
- Data controller- Determines the purpose and means of processing the data
- Data processor- Processes data on the instructions of the controller
- Supervisory authorities- Public authorities who monitor the application of the regulation
New & enhanced rights for data subjects- This law gives an individual the right to exercise complete authority over their personal data. Some of the rights highlighted in the regulation are:
Explicit consent : Data subjects must be informed about how their personal data will be processed. Organizations must make it as easy for data subjects to withdraw their consent as it is to grant it.
Right to access : At any point in time, the data subject can ask the controller what personal data is being stored or retained about him/her.
Right to be forgotten : The data subject can request the controller to remove their personal information from the controller's systems.
Obligations of the processors - GDPR has raised the bar for the responsibilities and liabilities of data processors as well. Processors must be able to demonstrate compliance with the GDPR and they must follow the data controller's instructions.
Data Protection Officer - Organizations may need to appoint a staff member or external service provider who is responsible for overseeing GDPR, general privacy management compliance and data protection practices.
Privacy Impact Assessments (PIA) - Organizations must conduct privacy impact assessments of their large-scale data processing to minimize the risks and identify measures to mitigate them.
Breach notification - Controllers must notify the stakeholders (the supervisory authority, and where applicable, the data subjects) within 72 hours of becoming aware of a breach.
Data portability : The controller must be able to provide data subjects with a copy of their personal data in machine readable format. If possible, they must be able to transfer the data to another controller.
The data controller can choose from six data processing bases. These are:
Contract - This applies when you need to process the customer's personal data to fulfill your contractual obligations, or to take some action based on the customer's request (e.g. sending a quote or invoice).
Legal Obligation - This applies when you have to comply with an obligation under any applicable law (e.g. providing information in response to valid requests, such as an investigation by an authority).
Vital Interests - This applies to urgent matters of life and death, especially with regards to health data.
Public Task - This applies to activities of public authorities.
Legitimate Interests - Legitimate interests can include commercial interests, such as direct marketing, individual interests, or broader societal benefits. The controller must document and keep a record of decisions on legitimate interests in the form of a Legitimate Interests Assessment.
Consent - Consent is also a lawful basis to process data. Consent of the data subject means "any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."
LIA stands for Legitimate Interests Assessment. It specifies the reason an organization wants to process a customer's personal data. The organization must also conduct an LIA to show that the processing is necessary.
The assessment of whether a legitimate interest exists.
The establishment of the necessity for processing.
The performance of the balancing test.
Here are some links you can refer to for additional reading on the GDPR:
Find your supervisory authority- http://gdprandyou.ie/resources
EU Data Protection Supervisor- https://edps.europa.eu
Website of EU GDPR - https://gdpr.eu/
Rules for businesses and organizations - https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
Your organization's guide to GDPR -https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Note:B2l Mobitech is not responsible for the content in these pages and does not endorse these links.