What’s the impact of GDPR for your company?

Posted on Tuesday, February 13, 2018

GDPR, or the General Data Protection Regulation, regulates how companies must deal with personal data. A new GDPR was urgently needed. The previous GDPR already dates back to 1995. It was therefore hopelessly dated and no longer in touch with the current digital environment.

The GDPR is a European regulation and not a directive, which means that from May 25th this European law will be fully implemented in each member state at the same time, so there’s no escaping your responsibility! From May 25th, every organisation can be held accountable for the way it handles personal data, and the consequences could be severe. The fines can amount to 4% of your annual worldwide turnover or 20 million euros, depending on which amount is higher!

How to make sure your company meets the GDPR requirements?

The regulation can simply be divided into four questions, and you must have your answers ready for each of these questions.

1. How do you collect data?

A major change from the previous regulation is that you have to prove that you have received specific permission from the people you approach. And just as these people gave their consent, it should be just as easy for them to withdraw it! Furthermore, it’s also forbidden to process data from minors (16-), to pass on personal data, to profile people in an impersonal (i.e. not human-made) way and to collect ‘special’ personal data: ethnicity, health, sexual preference.

2. How does your company deal with the collected data?

We can summarize this question in three principles that must be met: firstly, a person must at all times be able to request information from your organization on what data is stored about him or her; secondly, this person also has the 'right to be forgotten' and thus completely removed from your databases. Finally, you must also be able to demonstrate the necessary processes in your company to keep data safe, especially when it can be processed by suppliers or customers.

3. How do you organize the data collection processes within your company?

Individuals whose data you have collected should, at any time, have access to exactly what information you have about them, the purpose of keeping this data, the categories, the recipients, the retention period and the rights of those individuals. These rights include the right to file a complaint and to object to profiling. In addition, in certain cases you must also appoint a data protection officer. You are also obliged to make your employees aware of the importance of all this legislation.

4. How do you communicate your data?

As indicated earlier, you as an organization are obliged to inform those concerned about what information you have collected about them and for what purpose. You must also be able to communicate this to them in an understandable form and in normal language. Do you have a data breach? Then you are obliged to report this to the supervisor within 72 hours. You must also publish the contact details of the data protection officer (who is internal or external to your organization) so that the subjects of your data can exercise their rights and the supervisor knows who the contact point is.

Summarizing, your organization must meet the following conditions when processing personal data: transparency about the processing, limiting the purposes for which the data are used, data restriction (only the necessary data may be collected), correctness of data, storage restriction in time, integrity and confidentiality (protection against loss, destruction or unauthorized access) and accountability: you must be able to demonstrate compliance with all these rules.
