The Basics of GDPR
Providing a full description on the EU General Data Protection Regulation is not a simple task. Why?
Because it is not merely a compliance framework; rather, it is a blueprint for a combination of legal, technological and work habit changes within an organization. And it directly affects all currently accepted ideas and methods used in data management processes.
To gain a proper understanding of what is within the regulation and what to expect from it, some keywords needs to be discussed and understood.
First and foremost who is involved in the process? The regulation differentiates three major entities that are present in all scenarios where personal data is present.
First of all there are the ‘data subjects’ – those people whose personal data is collected. Those doing the actual data collection are called ‘data controllers’ and finally come the ‘data processors’; organizations tasked with processing the information collected.
Not only are the entities declared but also the concept of personal data is redefined. Whereas previously, personal data was simply any information that is relevant to an individual it is relevant to any information that can be directly or indirectly correlated to a natural person. In other words, any information that is specifically attributable to the user is considered personal data. So, anything from a simple IP address, to a user name or even health records can be described as personal data, and the list just goes on. That is why we need to reconsider what type of information is collected at an organization.
There is also a territorial scope around this. Any organization within or outside the EU that collects or processes personal data of EU citizens must take action according to the requirements of the GDPR.
The GDPR is therefore relevant to anyone responsible for the collection or processing of the personal data of EU citizens. And of course this does not except non EU businesses, because if they want to trade with the EU, they have to play by the EU’s rules.
GDPR rights and responsibilities
But what are those rules? To get a better understanding, let’s look at what rights Data Subjects will have and what responsibilities Data Controllers and Processors will need to consider:
- The right to data correction: Simple enough yet giving subjects a chance to change any previously provided information and make adjustments if necessary.
- Tighter consent requisitions: Data subjects must be informed and consulted on anything related to the processing of their personal data, or ways in which that data might be used.
- The right to be forgotten: Giving subjects the chance to erase all stored information relating to them.
- Notification on data endangerment and current state: During the whole data handling process subjects bust be informed on what is happening to their personal data and if it is at risk.
- Privacy by default: Once an agreement has been made between the subject and the other data entities, divergence from the terms is only possible once an additional agreement has been made by the parties.
These are the rules that directly apply to data subjects, but the responsibilities of both data controllers, known as responsibilities, are also very much in the interests of the data subjects
- Accountability for violations and breaches: Both controllers and processors can be held responsible by the supervisory authority in the event of any negligence of personal data security or of not complying with the GDPR requirements.
- Harsh sanctions for not complying: The GDPR stipulates that not complying with the regulation can lead to penalties up to 4% of total global annual turnover or €20 million, whichever is the higher amount.
- Embedded security measures: The security of personal data should not be an afterthought when it comes to infrastructure development.
- Visibility in the data flow: Information and the actions executed to it must always remain visible and traceable.
- Full functionality of data handling: All implemented habits and technologies must serve the sole purpose they were intended for.
OSLO, Norway–(BUSINESS WIRE)– Thin Film Electronics ASA (“Thinfilm”) (OSE: THIN.OL; OTCQX:TFECY), a global leader in printed electronics and smart systems, today announced it has been named the recipient of a 2016 IoT Evolution Asset Tracking Award for OpenSense™, its revolutionary NFC (Near Field Communication) product.
The award was given by IoT Evolution World and IoT Evolution Magazine, leading print and online publications covering the broader “Internet of Things” marketplace. It honors “excellence in innovation utilizing IoT technologies to automate the asset tracking functions to increase efficiencies, reduce theft, or optimize utilization of the asset.”
Other companies receiving the award for 2016 include AT&T, Impinj, BioLife Solutions, and Sprint.
“We have a great ecosystem at the heart of IoT, and the IoT Evolution Asset Tracking Award highlights innovation within asset management,” said Carl Ford
, CEO & Community Developer for IoT Evolution. “In selecting the winners, I have been impressed with the ingenuity and real-world application of the award winning products.”
OpenSense tags are thin, flexible labels that can detect both a product’s “factory sealed” and “opened” states and wirelessly communicate with the tap of an NFC-enabled smartphone. The tags, which are virtually impossible to clone, contain unique identifiers that make it possible to authenticate products and track them to the individual-item level using powerful software and analytics tools. In addition, the tags remain active even after a product’s factory seal has been broken, empowering brands to extend a targeted dialogue with manufacturers, supply chain partners, retailers, and consumers alike.
“Thinfilm is pleased to receive this award, especially given its focus on technology innovation for IoT-related applications,” said Davor Sutija, CEO of Thinfilm. “Whether verifying that a product has not been tampered with throughout the supply chain, validating its authenticity, or confirming its continuous sealed state, OpenSense helps businesses take asset tracking to an entirely new level.”
About Thin Film Electronics ASA
Thinfilm is a leader in the development and commercialization of printed electronics. The first to commercialize printed, rewritable memory, the Company is creating printed systems that include memory, sensing, display, and wireless communication, all at a low cost unmatched by any other electronic technology. Thinfilm’s roadmap integrates technology from a strong and growing ecosystem of partners to enable the Internet of Everything by bringing intelligence to disposable goods.
Thin Film Electronics ASA (“Thinfilm”) is a publicly listed Norwegian company with headquarters in Oslo, Norway; product development and production in Linköping, Sweden; product development, production, and business development in San Jose, California, USA; and sales offices in the United States, Hong Kong, and Singapore. For more information, visit www.thinfilm.no.
This information is subject of the disclosure requirements acc. to §5-12 vphl (Norwegian Securities Trading Act).
View source version on businesswire.com: http://www.businesswire.com/news/home/20160908005536/en/