General Data Protection Regulation (GDPR) is enforced in May 2018. The new General Data Protection Regulation changes the way businesses and organizations handle personal information. Due to the rapid pace of technological changes, digital information is being created, used, stored and distributed on a very large scale. The old structure of data handling, therefore, is no longer adequate to meet the challenges arising from globalization and technological advancements. Organizations will have to adapt to GDPR data transfer rules when transferring personal data outside the EU. Nevertheless, in addition to the opportunities and benefits it generates, GDPR also increases the organization’s obligations and investments made to be GDPR compliant. In case organizations fail to comply with the GDPR requirements, the penalties can reach up to € 10 million or 2% of an organization’s annual turnover, whichever is greater.
PM GAME has highly qualified resources certified in ISO 27001 BS 10012 and ISO 27701 and can provide a comprehensive consulting service to the client in helping them becoming compliant with GDPR requirements
Last year, the state of California passed a crucial privacy law which gives consumers a lot more control of their data. This act gives residents all the rights to control what information companies obtain on them and how that information is used. The CCPA just came into effect on January 1, 2020, and it provides state residents with new tools of shielding their online personal information, hence, saddling businesses with a lot more responsibility
The CCPA passed in 2019, and is considered to be one of the most comprehensive privacy legislations to be enacted in the US, according to the American Bar Association (ABA). Under this new legislation, residents of California are able to demand companies to reveal what information is obtained on them as well as the possibility of requesting a copy of that information. SEC. 3. Title 1.81.5 (commencing with Section 1798.100) is added to Part 4 of Division 3 of the Civil Code.
Additionally, companies can be forced to delete their consumer’s data upon request and they are forbidden from selling it, if the customer clicks the “do not sell” button on their company website. This will not have an effect on receiving equal service and price whether they exercise their privacy rights or not. Thus, companies are not allowed to treat a user differently because they have requested to have access to their personal data.