Friday, July 18th, 2019
By Vanessa Dias
Last year, British Airlines was attacked by hackers that stole information from over 500,000 of its passengers. The company reported the breach as soon as it had notice, but informed at first that only 380,000 passengers were affected. The month delay to report all the affected passengers may cause the proposed record fine.
The General Data Protection Regulation (GDPR) from European Union entered in force last year, but most business still do not understand its importance. Unlike most may think, the GDPR does not affect exclusively European business, but any business in the world that collect data from subjects in Europe.
Why your business should care?
If you think your business may not be in compliance, here are a few things to think about:
Even if your business hires a third-party processor you still need to take precautions and there are specific clauses that must be present in your contract with the processor.
The GDPR also requires in case of breach to notify the “EU regulator” or supervising authority in 72 hours if the information involves email addresses, personal data that contains sensitive data related to medical or financial information or identifiers associated with children. Additionally, your business would also need to notify the consumer if information included important personal information such as credit card and passwords.
“The law is clear—when you are entrusted with personal data you must look after it”, Elizabeth Denham, the Britain’s data privacy regulator.
Contact our office at 616-392-4100 if you have any question about your business compliance with the GDPR.
This post is made available to educational purposes only. It provides general information and a general understanding of the law, but does not provide specific legal advice. By using this site, commenting on posts, or sending inquiries through the site or contact email, you confirm that there is no attorney-client relationship between you and the Blog/Web Site publisher. The Blog/Web Site should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.