To safeguard personal data in every area where it can be managed, the European Union (EU) has implemented the “General Data Protection Regulation” (GDPR) since 25 May 2018. The regulation had entered into force on 25 May 2016, so that companies and organizations had a 2-year period to adapt to the obligations of the standard.
It should be noted that data privacy has evolved and improved over time, in accordance with Article 12 of the “Universal Declaration of Human Rights” of 1948 and with the globalization of business relations between companies, which involves, among other things, the transfer and use of personal data in commercial transactions. The GDPR is mandatory for EU companies or organizations processing personal data, and for companies established outside the EU doing business with European companies. Those that do not comply with the regulation may be rigorously sanctioned.
In this regard, the GDPR states that there must be a legitimate reason for processing someone’s personal data, including, but not limited to, the consent of the data subject. If this is the case, you can inform the data subject about what personal data you want to collect, for exactly what purpose, and for what period it will be processed.
It is, therefore, essential that IT professionals, workers, and organizations are aware of their responsibilities under data privacy laws and regulations. Data processing must be adequate, relevant, and limited to what is necessary for the purposes of collection and processing. Integrity shall be maintained while personal data is processed. Every possible and reasonable effort should be made to ensure the proper management and processing of personal data and to facilitate the exercise of rights by data subjects.