General Data Protection Regulation (GDPR)

The new European General Data Protection Regulation (EU) 2016/679, which came into force on 25 May 2018, establishes a single legal framework for the protection of personal and sensitive data in all EU Member States. Its application is mandatory in all EU countries and affects businesses across the globe if they serve people residing within the EU.

The Regulation requires all companies to apply measures that reasonably protect the privacy of their consumers, and to protect personal data from loss or exposure to unauthorized persons.

Highlights of the General Data Protection Regulation (GDPR)

Article 5 of the GDPR summarizes the most important principles regarding the management of personal data:

  • Legality, fairness and transparency
    • Personal data should be processed in accordance with the law, fairly and transparently
  • Limited purpose
    • Personal data must be collected and processed for explicitly defined and legitimate purposes, and should not be used in a manner incompatible with those purposes
  • Minimize data
    • Personal data collected should be limited, adequate and relevant only to the purpose for which they were collected
  • Accuracy
    • Personal data stored and processed must be accurate and, where necessary, kept up to date
  • Storage limitation
    • Personal data identifying a person should be kept for a period of time that does not exceed what is necessary to fulfill the purpose for which they were collected and processed
  • Confidentiality and integrity
    • Personal data must be processed in a way that ensures their security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures

What should an enterprise do to comply with the new regulation?

Many of the main concepts and principles of GDPR are the same as those of the previous DPA, so if you are already properly compliant then most of your compliance approach will remain valid within the GDPR.

However, there are new elements and important improvements, so you have to do some things for the first time and some things differently.

It is important to carefully design your approach to GDPR compliance and gain the support of your staff and / or key people in your business.

You may need, for example, to implement new procedures to address the new transparency requirements of the GDPR and the rights of individuals. In a large or complex business, this could have major financial implications, require allocation of staff in the IT department, create additional work for your staff, affect communications, and disrupt business operations.

Some sections of the GDPR will have a greater impact on some businesses than others.

For example, businesses that create or manage a person's profile, collect their personal data, or process children's data will face more difficulties in complying with it.

The road to full compliance is long, and the methodology followed to reach it is of strategic importance.

To begin, each business should record which parts of the GDPR will have the greatest impact on its business model, and pay special attention to these areas when designing its policies and writing the detailed description of its processes.

We can help you define a strategy for your privacy programme, with a tailored approach based on what matters most to your organization and your approach to risk. Every business has unique characteristics that require a tailored approach to data protection.

Baris Software Ltd. Software development & Consulting Services