What is General Data Protection Regulation(GDPR)?

The new year will bring many changes for businesses across Europe, but one thing for certain is the impact of General Data Protection Regulation (GDPR). GDPR was passed by the European Parliament back in 2016, it harmonizes data privacy laws across Europe to protect EU residents’ information.

The main purpose of GDPR is to improve individual data protection rights by placing restrictions on how personal data can be used. The motivation behind the new Europe-wide law is clear: the digital age means unique threats are coming to the fore, which also means protecting citizens’ and customers’ data is paramount. GDPR updates and adds more requirements in regards to the 1995 data protection directive. This makes the new regulation more demanding than any other legislation of this kind.

Take a look at some prominent articles from GDPR*:

Article 6: Lawfulness of processing
Article 9: Processing of special categories of personal data
Article 16: Right to rectification
Article 17: Right to erasure
Article 18: Right to restriction
Article 19: Notification obligation
Article 20: Right to portability
Article 21: Right to object
Article 25: Ability to limit access to personal data
Article 34: Notification of a data breach

How GDPR will impact your business?
As we move ever-closer to the May 25th deadline, it is imperative that GDPR preparation is at the forefront of every company’s business strategy. Any company, regardless of its geographical location, that stores or processes personal information about EU residents within EU statesneeds to ensure they are in compliance with GDPR mandates.

Specific criteria for companies required to comply are:

  • A presence in an EU country
  • No presence in the EU, but it processes personal data of European residents
  • More than 250 employees
  • Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data. That effectively means almost all companies
    • Non-compliance with GDPR can end with fines of 20 million euros or 4% turnover. That’s perhaps the strongest incentive to abide by the new regulation as it is not exactly a small amount for start-ups or any organization.

To achieve compliance, a number of processes and procedures must be put in place when it comes to handling data of any EU residents. Organizations are also responsible for ensuring their contracted third-parties comply with GDPR mandates.

In next part, we will see how CRM system can help you in obtaining GDPR compliance. Stay Tuned!

*Reference: Important GDPR Rules.pdf

January 17, 2017