15. February 2018
What is the GDPR?
This is the first post in a series which will analyse and clarify relevant aspects of the new European Data Protection Regulation.
The new EU Data Protection Regulation (Regulation (EU) 2016/679), also known by its acronym as the GDPR, came into force on the 25th of May 2016 and following its two-year implementation period will apply from 25th of May 2018.
This GDPR is the result of several years of debate between the various bodies, institutions and actors – governments, European data protection authorities and businesses, and aims to provide citizens with a privacy law that is up to date with today’s technology. The Internet, Social Networks, Mobile Devices along with many other factors have completely changed the way in which companies communicate with each other and with their consumers or users. The previous data protection regulations were simply not suitable for today’s world.
To comply with the new directives, private companies and governments must immediately act to build a structured process of data processing and privacy protection, which provides for new roles, responsible persons and their corresponding responsibilities. Especially in the case of large, complex organisations, this represents a considerable impact at an organisational level.
The new regulation represents a global milestone in terms of regulations regarding data processing regulations and will serve to strengthen existing rights and give individuals more control powers over their personal data, while at the same time creating business opportunities and encouraging innovation.
What kind of organisation will the GDPR affect?
To put it simply, if your organisation does business in the EU, offers goods and services to EU citizens, or processes EU citizen data, then the provisions of the GDPR apply.
I.e.: this Regulation will apply both to companies and professionals with a registered office in Europe who process data and provide services to European citizens, as well as companies or professionals with their registered office outside the EU, who process data because of offering goods or services to European citizens.
The GDPR at a glance:
- The GDPR will be directly applicable in all EU countries (i.e. the same rules will be valid in all European countries), apart from the existing rules under the current privacy directives and the European regulatory framework;
- Every individual will have more control over personal data, such as the possibility of bringing data with them between different service providers;
- Children will be subject to additional safeguards for data processing;
- Simplifications will also be envisaged for companies processing data.
Enterprise Content Management (ECM) software such as AMAGNO enable companies to comply with the GDPR. AMAGNO brings files, documents and company information together and can be used to search for keywords such as name, customer number, or date of birth, whether originally a scanned document or a digital file. By identifying and highlighting the full-text from almost all file formats in a matter of seconds, businesses can find the information they need to, destroy it, anonymise it or edit it as required – and provide evidence that they have done.
The following articles in this series will cover GDPR topics such as Legal Status, Individual Rights, Commercial Aspects, amongst others.