Off is “Personal Data”, the information which can

Off the Record Music Sales,            TheGeneral Data Protection Regulation (GDPR) was set by the Council of theEuropean Union and the European Parliament to strengthen and unite dataprotection for all the individuals in the European Union (EU). The GDPRconcentrates to give the control back to citizens and residents over theirpersonal data and to simplify the regulation for International Business bycombining the regulation with the EU. The regulation documents the thought thatindividual’s personal data must be protectedbecause it is the primary right to own security and justice among the market.  The regulation was adopted on 27April 2016, so you must follow the regulations for the customers of OTR in theEuropean Union.  The primary information that mustbe protected by the Off the Record Music Sales (OTR) for the customers of theEuropean Union is “Personal Data”, theinformation which can be used to identify an individual as a person by anymeans. The information is §  Name§  PersonalIdentification Numbers§  MedicalInformation §  Shippingand Billing Address§  Gender§  Credit CardInformation§  SocialSecurity Number§  OrderHistory§  PhoneNumbers§  EmailAddress§  IP and MACAddresses    Data Processing:            Data can beprocessed if there is a minimum one lawful basis to do so.

The lawful basis toprocess the information are§  Theinformation subject has given consent to process the data for specifiedpurposes. §  Processingis critical for compliance with the legal obligation to the user. §  Processingis critical to protecting the importantassets of the customer or of another person.§  Processingis important for the performance of the task administrated within the publicinterest or within the exercise of official authority within the controller. §  Processingis important for the legitimate interests pursued by the controller or by a 3rdparty.  Consent            Inaccordance with the GDPR, data processing is based on consent the controllermust determine that the data has consented to the processing of personal data.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

You must receive the consent for theperson through a “freely given, specified, informed and unambiguous indicationof the data’s subject agreement to the processing of personal data relating tohim or her, such as by a written statement, including by electronic means, or anoral statement” (Art. 1 (32)). The person has right to withdraw the consent atany time. The withdraw will not affect the lawfulness of processing data basedon the consent before its withdrawal.  Controller and Processor            Accordingto Article 4 of the EU GDPR, Controller is a natural or legal person, publicauthority, agency or another body which,alone or jointly with others, determines the purposes and means of theprocessing of personal data”.

The processoris a natural or legal person, public authority, agency or another body which processes personal data onbehalf of the controller”. The controller is responsible to demonstratecompliance with the principles related to the processingof personal data. The processing is carried out on behalf of a controller, thecontroller shall use processer by providing guarantees to implement technicaland organizational measures to meet the requirements of GDPR.

 Data Breach and Notifications            Dataprocessors must report personal data breaches to data controllers. Datacontrollers must report the data breach to the superior authority in 72 hoursand in some cases, affected individuals. Data controllers must have an internalbreach register.

GDPR Penalties            Penaltiesfor infringement will be considered on a case by case basis and will take many criteriainto consideration, like intentional nature, number of subjects affected andprevious infringements by data controller or processor.             Thelower level of fine up to €10million or 2% of the company global annual turnover. This includesinfringements relating to: §  Dataprotection by design and by default.§  Previousrecords of processing activities. §  Involvementof superior authority.§  Data breachnotification to the superior authority. §  Communicationbetween the customers. §  Data impactassessment.

§  Consultation.§  Certification. Data relating to criminal convictions            Dataprocessing of personal data relating to criminal offenses should be carried out under the control of OfficialAuthority or under Union or State member authorization providing safeguards forthe rights and freedom of data subjects. Recommendations            To ensurethat GDPR is implemented, there are necessary measures to be implanted toprevent issues, breaches, and offenses. §  All the datastorage devices at OTR must be encrypted with multi-factor authentication.

§  Databackups must be implemented on site and off the site. The data backups must beencrypted, and multi-factor authentication must be implemented on the backups. §  Authorizedemployees must be able to access the data of the customers under the GDPRstandards. §  Theemployees handling the customer’s datamust be trained and aware of the standards of processing the information uponcustomers request. §  If acustomer data is compromised, it is the company responsibility to notify thecustomer within the given 72 hours of the breach as per the GDPR standards. 


I'm Mary!

Would you like to get a custom essay? How about receiving a customized one?

Check it out