GDPR
GDPR (General Data Protection Regulation) is a regulation of the European Parliament and the Council of the European Union, which contains provisions on the protection of natural persons with regard to the processing of personal data by companies, as well as provisions related to the free movement of such data.
Among the obligations imposed on companies under GDPR are:
- clear, precise, and comprehensive informing of customers about what data the company processes and for what purpose
- fulfilling the customer's right to be forgotten
- maintaining a register of processing activities (documenting what data, by whom, how, and for what purpose was processed)
- protecting the data of employees and business partners
- appointing a DPO (Data Protection Officer) in enterprises whose core activity involves data processing
Natural persons who are customers have gained access to a number of new rights:
- the right to be forgotten - the ability to demand that the company delete all information it holds about the customer
- the right to data portability, which makes it easier for natural persons to transfer data to other entities
- the right of access to data, which obliges companies to provide precise information about what customer data they hold and for what purpose they use it
- the right to be immediately informed about a hacker attack on the company, in the event that one occurred
- the right to make corrections to personal data collected by the company
Read also
Useful links
https://pl.wikipedia.org/wiki/Og%C3%B3lne_rozporz%C4%85dzenie_o_ochronie_danych
https://www.rp.pl/Firma/305249962-RODO-20-rzeczy-ktore-musisz-wiedziec-o-RODO.html
http://www.tomaszpalak.pl/rodo-jak-rodeo-27-podsumujmy-to-co-dotychczas/