GDPR

A Quick Look at What GDPR Is All About

GDPR is an updated version of the age-old Data Protection Directive [95/46/EC] of 1995. The decision to upgrade the existing directive did not happen overnight. The proposal for a more comprehensive regulation came jointly from the European Parliament, the Council of the European Union (EU) and the European Commission. The main aim of the General Data Protection Regulation (GDPR) is to strengthen the protection of the data of individuals within the EU territory. The law applies to all EU and non-EU companies that process or deal with the private data of EU citizens, irrespective of their location…

Date-wise Representation of GDPR from Proposal to Implementation:

  • June 25, 2012: GDPR proposal came to the EU Council for consideration
  • December 17, 2015: The joint bid for GDPR gets approved by the European Parliament Committee
  • April 14, 2016: GDPR is adopted, and the features of the new regulation get clearly mentioned in the official EU journal
  • May 25, 2018: After a gap of two years, the law gets implemented within all EU member states

How GDPR Differs from the Old Directive: The Noteworthy Changes in the New Regulation

With the introduction of the new data protection regulation, many policy changes came to light. From stricter compliance checks to hefty fines, GDPR has brought in a massive wave of transformation to make data usage more transparent and organized.

Instruction Type

The significant difference between GDPR and its predecessor lies in the type of instruction they are. Unlike the previous policy, GDPR is not a directive. It is a regulation that legally binds all the companies falling under its jurisdiction with stricter laws to follow, whereas a directive can only lay out objectives like a guide and cannot enforce them.

The Inclusion of Privacy By Design

According to the new law, companies handling EU subjects’ data must give importance to system design from the beginning. Privacy should not be an add-on for a later stage. Right from the start, data controllers must design the system giving priority to privacy concerns.

Consent Type

The new regulation makes consent forms more explicit for better transparency when dealing with data. There is no place for unclear or ambiguous consent forms. GDPR makes it compulsory for businesses to explicitly state the facets of consent forms, making them distinguishable from other declaration forms. Also, privacy policies should be stated in detail and be readily accessible to the subject. Customers should know precisely what purpose their data will serve before being asked for consent to its use.

Territorial Reach

The reach of the previous data protection directive was limited to the EU territory. Only companies located in the European Union were subject to the directive. However, the new law eliminates territorial boundaries and makes GDPR applicable to all data controllers and processors. As long as your company processes EU subjects’ data, you are bound to comply with GDPR. Location is no longer a limitation on where the data protection law applies.

New Set of Rights for the Data Subjects

Earlier, data subjects did not enjoy as much transparency and control over their data as they will now with GDPR in use. Although the previous directive also gave EU citizens the right to data, the new regulation adds an extra edge to it with a more rigorous approach.

Hiring Data Protection Officer

According to the previous directive, the local Data Protection Officer (DPA) had the responsibility to record the activities of the data controllers. But with the new law, companies with large-scale data processing will have to appoint a DPO who will systematically and regularly monitor the data processing.

Everyone is Responsible Now

Under GDPR, everyone is responsible for protecting data and accountable for any data breach. Earlier, only the data controller was held responsible for any data misuse. Now, both the data processor and the controller have to comply with GDPR to avoid mishandling of data. This means that even third-party data processors will have to follow the compliance norms set by the new EU regulation.

Notification of Security Breach

GDPR makes breach notification mandatory. Data controllers must inform their supervisory authority about any data breach incident within 72 hours of learning about it. Also, they must notify the subjects who are at risk due to the breach.

Enterprise Penalties for Non-compliance

Article 83 of the new regulation clearly states that enterprises failing to comply with GDPR policies will have to bear heavy penalties. The penalty can be a maximum of 4% of the global turnover of the previous FY or €20 million, whichever is greater. However, the fine depends on the level and criteria of the different types of non-compliance. Besides fines, the company may also receive warnings or a permanent suspension of its data processing license.

Is our Database GDPR Compliant?

The healthcare industry deals with highly sensitive patient data. Therefore, the application of GDPR becomes stricter in this sector. Unlike the previous directive, GDPR clearly defines health data and also focuses on protecting patient data. It brings all the physical and mental health information of an individual under the jurisdiction of ‘health data.’ Hence, data processors and controllers engaged in health data processing have to abide by GDPR compliance guidelines at any cost.

We, as a marketing database provider in the healthcare industry, have always given priority to protecting our client data. It is not that, with GDPR coming into play, we have become alert and are paying particular attention. While most providers were adversely affected by GDPR, we had the opposite experience. Even before GDPR was implemented, we were ready to face the compliance challenge. A dedicated legal team ensures that we follow all the norms to keep our proceedings legal and wise.

Our team has taken the necessary steps to ensure that the data we offer is GDPR compliant:

  • The contact details of prospects we offer come from reliable sources like market surveys, seminars, conferences, websites, business listings, etc.
  • We update, clean and validate our database on a regular basis.
  • All data is stored with proper protection in place.
  • We make sure only permission-based data enters our database.
  • We double-check and verify all data through an email and telephone verification process.
  • We have appointed a DPO to keep an eye on our data processing.
  • We have designed our systems by giving priority to data privacy.

How Medico Resources Protects Your Personal Data?

  • All our security systems have been updated to protect data.
  • We have a Subject Access Requests (SAR) system to respond to your data access request.
  • Our team audited the existing database to keep it authentic and accurate.
  • All our data processing takes place in a legitimate and compliant way.
  • We respond quickly to customers’ requests for data erasure or portability.
  • Our data processing is transparent, and we keep customers informed about their data use.
  • Proper consent is taken from the customer before initiating any communication.
  • Through emails, we offer the opt-out option to clients as per their choice.
  • We are training staff about GDPR to promote data compliance culture within our organization.
  • We store data in an encrypted format and protect it with passwords.
  • Our systems are re-designed to strengthen security checks.
  • We have a DPO who continually monitors and tracks the use of all data.
  • We make sure that the third-party vendors we work with follow security obligations.
  • We encourage clients to follow security practices and take charge of their data.
