GDPR (General Data Protection Regulation) is the acronym used for Regulation (EU) 2016/679, adopted by the European Parliament and the Council of the European Union. The Regulation will become enforceable from 25 May 2018, and organizations will be obliged to comply with it.
The Regulation applies to large and small businesses when they, for example, process data of their clients, use data for marketing purposes, or have a camera system or an e-shop. It concerns all organizations with an employee commuting system, a customer database, or job seekers, as well as those that back up and archive data or contracts, or encrypt data. In other words, it covers all businesses with personal data stored on servers.
The major obligations arising from GDPR are to:
- prevent leaks of information and personal data
- prevent unauthorized access to personal data
- introduce anonymization of personal data
- ensure safe deletion/liquidation of personal data
- manage and monitor activities related to personal data
- ensure the resilience of systems processing personal data against failures and data loss
- enable timely identification of security incidents, and analyze and document them
- regularly test personal data reliability
- introduce encryption of information and personal data
Companies are obliged to introduce the GDPR measures by 25 May 2018, when the EU Regulation comes into force. After this date, a fine of up to EUR 20 million or 4% of yearly turnover may be imposed.
If you contact us, we will help you introduce the GDPR requirements, propose suitable solutions, and help introduce the necessary processes and technology.