From May 25, 2018, any business in the European Union or EEA that processes personal data has to comply with the GDPR. This regulation replaces existing national legislation. The GDPR states requirements that have to be met when processing personal data. But what is the GDPR exactly? And how will it affect your organisation?
The GDPR, the General Data Protection Regulation, will be enforced throughout Europe. This privacy regulation concerns ‘the protection of natural persons’ with regard to the processing of personal data and the free flow of those data. The GDPR concerns all organisations that process personal data, including data on staff and clients. This means almost any business is affected by the GDPR.
Personal data have to be documented and managed correctly. It is more important than ever to put the interests of clients first and to be very careful with your clients’ data. Take, for example, sending a newsletter to customers. Under the new regulation this is only allowed after the customer has given their explicit consent. This will, for instance, reduce the intrusiveness of (unwanted) newsletters.
The GDPR has a big impact, but also offers advantages. The most important one is that there will be only one privacy standard for the entire European Union. And even though Brexit has the UK leaving the EU, the UK looks to be on board for the GDPR. When you comply with the GDPR, you will generally also comply with the regulations in all other member states of the EU.
With the new regulation, the EU wants to return control of their personal data to its citizens. There are strict conditions and the GDPR is obligatory. Violations will be heavily penalised, with the risk of high fines of up to €20,000,000 or 4% of your annual turnover! Plenty of reasons to take this seriously. One of the changes for your business is that you will have to set up a processing register, to keep track of all personal data processing operations. You are also required to document all data breaches, even when these are not subject to the mandatory breach notification.
What’s more, a data processing agreement has to be concluded with all suppliers and purchasers who process personal data for you. A client’s permission could also be required when their personal data are processed. This is especially important when you supply IT services, since there is often chain responsibility.
Teaming up with Eshgro means you can rest assured knowing you are using a fully GDPR-compliant cloud service, whether you are a business IT user or a service provider yourself. Contact us to find out more on how Eshgro helps you to meet GDPR requirements and leverage cloud to grow your business.
Do you have any questions about this topic? Please contact Eshgro.