The document outlines the key changes introduced by the GDPR in 2018, emphasizing the importance of compliance for organizations, including potential fines for non-compliance and the appointment of data protection officers. It highlights the need for better data transparency, security protocols, and clear communication with individuals about their data rights. Additionally, it notes that all entities processing European citizens' data, regardless of location, must adhere to the GDPR regulations.

1. GDPR
WHAT’S GOING TO CHANGE WITH THE
IN 2018
KWANKO: GDPR-FRIENDLY
Kwanko is a leader in Performance Marketing on web, mobile and tablets.
With a presence in 14 countries, Kwanko is firmly positioning itself as the most
international of the leading names in the industry. If you would like to boost your
sales and collect new prospects, contact our experts via our website
www.kwanko.com
You should focus on applying the regulations
in the country of your company's tax domicile.
This Data Protection Commission will act as
an intermediary.
01 RULES
FOR EVERYONE
02 HEAVY
FINES
Several warnings and prior procedures must take
place before these fines are applicable. If your
continued and clear non-compliance with these
rules is proven, substantial fines may be imposed.
It is important to work with partners who
comply with these regulations in order
to be protected from third party liability.
03 GREATER
RESPONSIBILITY
Work with partners who control all channels
in an organized and centralized way, and
ensure data security without leaving the EU.
04 EU AND
NON-EU
05 MORE RIGHTS
FOR INDIVIDUALS
Take advantage of this opportunity to increase
the involvement of your audience. Boost your
credibility, reputation and transparency with your
potential customers. Kwanko can give you some
suggestions to make the most of this opportunity!
Some DPO certification procedures have already
been made available but should only be applied
when the regulations are implemented.
06 DATA PROTECTION
OFFICER
07 DEFINITION
OF PERSONAL DATA
08 DATA TRANSFER
BETWEEN COUNTRIES
09 SECURITY
BREACHES
The definition of personal data and identification has been updated since the previous
regulations. For example, tracking and identification in the digital sector will be taken into
account in the new regulations.
Data needs to be more transparent and more
secure. Only essential elements should be used
and should provide value to the user, while
informing them of how they will be used.
10 PROFILING
Filtering processes should be reviewed
in accordance with this requirement,
but most importantly, flow and transparency
protocols should be used throughout the
process.
Kwanko helps publishers and clients prepare for all
they need to comply with the new regulation. Through
training and guidance, we help demystify the needs
of our clients in the face of these requirements.
Make sure that you are surrounded by partners
that understand the needs of the regulation and
always deliver results to you in a compliant manner.
You should choose the servers on which you
store your data carefully. If they are hosted
on secure servers within The European Union,
you will be protected.
Ensure that all data is secured with firewalls
and access restriction protocols. In the event
of an incident, just follow the regulations.
The legislation will have to be adapted to each country's Constitution. There are over
30 exemptions foreseen in respect of how each Member State will adopt these regulations.
The GDPR imposes administrative fines for breaches of its provisions. The fines imposed
may be up to EUR 20 million or 4% of the company's annual turnover, whichever is higher.
Each State shall create legislation for these penalties, with levels of severity and limits.
Subcontractors, that is to say organisations that process personal data on behalf of others,
may also be held liable in the event of non-compliance with its obligations under the GDPR.
It does not matter whether the organisation is located in Europe or outside Europe.
If it processes the data of European citizens, it must also comply with this legislation.
Communication should be clearer and state how the data will be used by those
organisations that request it. It should also include the "right to be forgotten"
and have the capacity to transfer data to competitors or other organizations.
The GDPR requires the appointment of a Data Protection Officer (DPO) for all organisations
whose core activities lead them to carry out regular and large-scale monitoring of personal
data.
Protocols will be created on how data can be transferred across borders, as well as a better
definition of countries with which there may be more or less freedom of movement of data.
If there are security breaches in the data, the data protection authorities should be informed
within a maximum of 72 hours and individuals should also be informed of the dangers of
such a security breach.
Automated profiling systems – in particular with regard to the implementation of contracts,
loans or insurance – cannot exclude individuals without human intervention and guarantee
the right of objection.