What does GDPR stand for?

GDPR stands for General Data Protection Regulation.

When did GDPR come into effect?

The General Data Protection Regulation, or GDPR, came into effect on 25 May 2018 and replaces the EU’s 1995 Data Protection Directive.

What is GDPR?

GDPR is an EU regulation on data protection for all persons in the EU. It is thus a central regulation within international data legislation, which applies to companies that process personal data from EU citizens inside and outside the EU. It doesn’t matter where the companies are physically located: If you as a company handle data from EU citizens, the company must comply with the GDPR.

GDPR legislation

The GDPR applies to all organisations with EU or national customers and applies to any type of data, including names, addresses, email addresses and IP addresses. EU data protection legislation is set out in the Charter of Fundamental Rights, which was included in the Treaty of Lisbon in 2007. The EU Data Protection Directive of 1995 (Directive 95/46/EC) established a system for the protection of personal data processed by employers and others.

GDPR regulations

The GDPR consists of 99 articles, which contain the various rules and regulations regarding the protection of personal data and privacy. These articles cover various topics, such as the processing of personal data, rights of individuals, principles of data processing, responsibilities of data controllers and data processors, as well as sanctions and enforcement mechanisms.

Start your GDPR cleanup where it is needed the most

Sensitive data tends to accumulate in employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

Why is GDPR important?

The purpose of the GDPR is to give EU citizens back control over their personal data. People must (and should) have the right to know what information companies have about them. From a societal point of view, GDPR gives people rights to demand insight into previously uncharted territory. The regulation gives individuals a number of rights, including the right to know what personal data is collected about them, the right to have this data deleted and the right to object to its processing. Having said that, complying with the GDPR – also known as compliance – can be a big mouthful for companies.

Who does GDPR apply to?

As of May 25, 2018, all companies doing business in the EU have had to comply with the GDPR. Since the regulation gives EU citizens more control over their personal data, this means that companies must be able to protect personal data and comply with the GDPR in order to process personal data on EU citizens. The regulation applies to both data controllers and data processors.

How does GDPR affect my business?

The GDPR has a significant impact on your business as it requires all processing of personal data to be carried out in accordance with strict privacy protection rules. This means that your company must be aware of and comply with various GDPR requirements, including obtaining consent from individuals before collecting and using their data, ensuring proper handling and storage of personal data, and implementing appropriate security measures to prevent unauthorised access or leaks.

To meet these requirements, it is crucial to raise awareness of the GDPR among all employees in your company. This can be achieved through extensive training and education covering the basic principles of the GDPR, with a particular focus on handling personal data and protecting privacy. Employees should understand their roles and responsibilities in relation to GDPR compliance, including how to respond to requests for access to personal data, ensure confidentiality of data and report any security breaches.

In addition, your company should implement secure email procedures to protect personal data during communication. This may include encrypting emails, using secure passwords and authentication, and avoiding sending sensitive information through unsecured channels. By raising awareness of the importance of secure email, your business can reduce the risk of data leaks and breaches of GDPR regulations, while maintaining the trust of customers and stakeholders.

What happens if you do not comply with the GDPR?

Failure to comply with the GDPR can have serious consequences for a company. Violation of the GDPR can cost both fines and – perhaps even worse – trust.

Need help with GDPR?

To begin with, you have to accept that the journey to becoming compliant does not end immediately, but is a continuous process. To help you comply with GDPR, we have prepared a checklist for GDPR, where we have divided the process into steps, so that you can take them one at a time.

However, there is no escaping the fact that there is a lot of manual and time-consuming work associated with complying with the GDPR. To get help with the heavy work, you can, to great advantage, make use of GDPR software that has been developed for this purpose.

Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist