A new era of privacy
As most of us are already well aware, the GDPR is a set of EU regulations designed to ensure the protection of individuals' personal information that is held, maintained and processed by various organizations. Regulatory enforcement began in May 2018, and many are already calling this date "the beginning of a new era of privacy." The regulations are stricter and revolutionary not only because of the high financial penalties they carry, but because they expand the definition of personal information and the ways of protecting it around the world.
The challenges facing Israeli companies committed to GDPR
The main difficulties of Israeli companies to which the GDPR applies, and which operate globally, are the need to reorganize, instill new work procedures, sign various new documents that did not exist in the past, and make the necessary adjustments within the organization in order to be able to commit to external entities and not violate the GDPR.
An example of one such important document is the Data Processing Addendum Agreement (DPA). This is a document signed between the Controller (which states the purpose of processing information) and the Processor (which processes the information). It is intended to protect the former from exposure to claims due to non-implementation of the GDPR, while imposing obligations on the latter. This document briefly contains most of the obligations that apply to the organization.
It is worth remembering that as of May 2018, any organization or business in Israel that provides services or sells products to anyone residing in the EU may be subject to unprecedented fines: up to 4% of the global annual turnover or 20 million euros (whichever is higher). The lack of appropriate preparations to implement the GDPR guidelines could harm Israeli companies both with regulators, in Israel and in Europe, and in business, with partners or investors around the world.
Do the regulations apply to my company as well?
The GDPR regulations apply to any organization established in one of the EU countries, and/or to an organization that provides services or sells products to anyone in the EU, and/or to any organization that employs and holds the personal details (financial, health, family and more) of an employee residing in the European Union.
Recently, in the wake of the new reality in the European market and in general, we are witnessing growing concern among Israeli companies subject to the GDPR about implementing European data protection regulation within their organization. This is a comprehensive process that requires the full mobilization of all departments in the organization up to. Many questions arise, for example, about who is the Controller and who is the Processor, about how information is transferred securely outside the EU, about information security procedures, and so on. These issues may threaten the continued existence of commercial relationships between different organizations and, of course, may even bring about the economic collapse of an organization that does not meet the strict regulations.
Both the Controller, the body that controls the information, and the Processor, the body that processes the information, have a heavy responsibility. The Controller is responsible for determining the purpose of collecting and processing the information, for determining what technical and organizational means are intended to protect the information, and for proving that it does protect this information and the rights of the data subjects. It must publish written documents regarding the organization's information protection policy, provide employee training, appoint an information protection officer, and in some cases bear responsibility for the information processor (the Processor).
The Processor, for its part, undertakes to follow the express instructions of the Controller, retain the information, delete or return it at the end of the engagement, keep a proper record of all information processing operations, maintain the rights of the data subjects in the information and allow them free access to the information collected about them.