What’s the impact of GDPR for your company?

Posted on Tuesday, February 13, 2018

GDPR, or the General Data Protection Regulation, regulates how companies must deal with personal data. A new regulation was urgently needed. Its predecessor already dates back to 1995. It was therefore hopelessly dated and no longer in touch with the current digital environment.

The GDPR is a European regulation and not a directive, which means that from May 25th this European law will be fully implemented in each member state at the same time, so there’s no escaping your responsibility! From May 25th, every organisation can be held accountable for the way it handles personal data, and the consequences could be severe. The fines can amount to 4% of your annual worldwide turnover or 20 million euros, whichever amount is higher!

How to make sure your company meets the GDPR requirements?

The regulation can simply be divided into four questions, and you must have your answers ready for each of these questions.

1. How do you collect data?

A major change from the previous regulation is that you have to prove that you have received specific permission from the people you approach. And just as these people gave their consent, it should be just as easy for them to withdraw it! Furthermore, it’s also forbidden to process data from minors (under 16), to pass on personal data, to profile people in an impersonal (i.e. not human-made) way and to collect ‘special’ personal data: ethnicity, health, sexual preference.

2. How does your company deal with the collected data?

We can summarize this question in three principles that must be met: firstly, a person must at all times be able to request information from your organization on what data is stored about him or her; secondly, this person also has the 'right to be forgotten' and thus completely removed from your databases. Finally, you must also be able to demonstrate the necessary processes in your company to keep data safe, especially when it can be processed by suppliers or customers.

3. How do you organize the data collection processes within your company?

Individuals whose data you have collected should, at any time, have access to exactly what information you have about them, the purpose of keeping this data, the categories, the recipients, the retention period and the rights of those individuals. These rights include the right to file a complaint and to object to profiling. In addition, in certain cases you must even appoint a data protection officer. You are also obliged to make your employees aware of the importance of all this legislation.

4. How do you communicate your data?

As indicated earlier, you as an organization are obliged to inform those concerned about what information you have collected about them and for what purpose. You must also be able to communicate this to them in an understandable form and in plain language. Do you have a data breach? Then you are obliged to report this to the supervisor within 72 hours. You must also publish the contact details of the data protection officer (who may be internal or external to your organization) so that the subjects of your data can exercise their rights and the supervisor knows who the contact point is.

Summarizing, your organization must meet the following conditions when processing personal data: transparency about the processing, limiting the purposes for which the data are used, data restriction (only the necessary data may be collected), correctness of data, storage restriction in time, integrity and confidentiality (protection against loss, destruction or unauthorized access) and accountability: you must be able to demonstrate compliance with all these rules.
