Paris, February 3rd, 2017
Issued by European Commission / European Council / European Parliament
The National Reference Center for RFID (CNRFID), supported by the Directorate-General for Enterprise (DGE), set up a working group to create a repository and good practice guidelines for the Data Protection of Applications of Professional Connected Objects. Nathan Frey, CEO of Air, is a founding member of the workgroup that will focus on the upcoming European Law for the General Data Protection Regulation (GDPR), to include the Chart of fundamental rights of the UE (2000/C 364/01)
Art. 8, right to the protection of personal data
- Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law.
- Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
- Compliance with these rules shall be subject to control by an independent authority.
What’s Different from Previous Regulations?
• Inventories and data mapping of personal information across your business
• Privacy and Security “by design”
• Privacy Impact Assessments (PIAs)
• Mandatory appointments of Data Protection Officers (DPOs)
• Breach notification to Data Protection Authorities (DPAs) and individuals
• Significantly greater fines for data breaches (up to 4% of annual global revenue)
When does GDPR come into effect?
Publication in Official Journal of EU: May, 4 2016
Compliance: May, 25 2018
What are the possible Sanctions? (Art. 83)
20 000 000 € or 4% of the total worldwide annual turnover of the preceding financial year