Data protection

Better rules for small businesses

Stricter data protection rules since May 2018 mean that citizens gain more control over their data and businesses benefit from a level playing field. One set of rules for all companies operating in the EU, wherever located. Learn what this means for your SME.

What is personal data?

Do you store or use data? You have to follow the rules. Do you process data for other companies? Then this applies to you as well.

Why change the rules?

It's about trust…

Distrust of the old data protection rules has hampered the digital economy, and it is quite possible that your business.

People think they have the information they enter online completely under control.

And help companies grow…

One set of rules for all data processing companies in the EU

Business is now easier and fairer

The new system keeps costs low and helps businesses grow

130 million euros

the cost to a business in the EU of informing 28 different data protection authorities in the old system


2.3 billion euros

the estimated economic benefits of uniform legislation

The new rules should boost the confidence of consumers and therefore businesses.

What your company needs to do

Protect the rights of the people who provide you with your data

Communication

Communicate easily.

When you request information from them, tell them who you are.

Indicate why you process the data, how long you will keep it and who will retrieve it.

Warning

If a data breach puts people at serious risk, let them know.

Access and portability

Let people access their data and share it with other companies.

Agreement

Get clear consent from them for the processing of their data.

Do you collect data from children on social networks? Check the age limit above which parental consent is not needed.

Protection of sensitive data

Apply extra protection to information about health, race, sexual orientation, and religious and political beliefs.

Deleting data

Give people the "right to be forgotten". If they request it, delete their personal data – but only if this does not interfere with freedom of expression or scrutiny.

Marketing

Give people the right to object to direct marketing that uses their data.

Data transfer outside the EU

If you transfer data to countries not recognised as adequate by the EU institutions, put appropriate legal measures in place.

Profiling

If you use profiling when processing applications that lead to a legally binding contract, e.g. loan applications, you must:

  • inform your customers about it;
  • if an application is rejected, ensure that the decision is reviewed by a person, not a machine;
  • give the applicant the right to challenge the decision.

Protect data by design

Integrate data protection measures into your products and services from the earliest stages of development.

Are you processing data for another company?

Make sure you have a watertight contract that lists each party's obligations.

Check whether you need a dedicated data protection officer

It is not always a duty. It depends on the type and amount of data you collect, whether it is your main business and whether you process it on a large scale.

  • You process personal data as the basis for search engine advertising you are building: true
  • Once a year you send your clients an advertisement promoting your food business: false
  • You are a general practitioner and you collect data about the health of your patients: false
  • You process genetic and health data for a hospital: true

Keep records

SMEs only need to keep records if their data processing:

  • takes place regularly
  • endangers the rights and freedoms of individuals
  • handles sensitive data or criminal records

Records should include:

  • Name and contact details of the company
  • Reason for data processing
  • Description of the categories of data subject and personal data
  • Categories of organizations that will receive the data
  • Transfer of data to another country or organization
  • Deadline for deletion of data, if possible
  • A description of the security measures applied during processing, if possible

Anticipate impact assessments

In the case of HIGH RISK processing, it may be necessary to carry out an impact assessment. Examples of high-risk processing:

  • New technologies
  • Automatic, systematic processing and evaluation of personal data
  • Large-scale monitoring of public space (e.g. camera systems)
  • Large-scale processing of sensitive data, such as biometrics

Costs in case of non-compliance with the rules

Compliance with the rules is monitored by local data protection authorities; their action is coordinated at EU level. Failure to comply with the rules can lead to high costs for the person concerned.

Protect your data, protect your business

Learn more in accredited GDPR courses: GDPR courses
Get clarity on GDPR with a free online audit! GDPR audit tool

This document cannot be considered as an official opinion of the European Commission and does not replace legislation.

© European Union, 2017. Reproduction is authorized provided the source is acknowledged. ISBN 978-92-79-65165-6 – doi:10.2838/4167 – DS-04-17-046-CS-N