The GDPR (General Data Protection Regulation) has been on everyone’s lips for over a year now. Every company has taken certain precautions, but it still seems to be a very complex topic with a need for clarification.
Companies with more than 9 employees (who have access to personal data) are even obliged to designate a data protection officer to ensure that all processes are GDPR-compliant. But what really needs to be considered?
Legal texts are all Greek for many people. For this reason, we took a closer look at the GDPR.
What is GDPR?
The GDPR (General Data Protection Regulation) is a regulation in the EU law, protecting the privacy of individuals in the European Union and the European Economic Area. It was introduced in May 2018 and it replaces the Data Protection Directive 95/46/EC.
Why GDPR?
First of all, there is a simple question. Why the GDPR was introduced at all when it causes companies many headaches and also leaves individuals with a large question mark behind?
It's simple. The GDPR allows people to have a better control over their personal data and companies can benefit from an equality of competition. This means greater data security for everyone - that sounds good! Nowadays, there are regular discussions about how secure our data really is on the Internet. In addition to social networks such as Facebook and Instagram other companies (e.g. Google) are also regularly criticised for their data management and we ask ourselves where our data is, how secure is it, and what happens with it?
This is where the GDPR comes in, as it regulates the processing of personal data of natural persons by natural persons, companies or organisations in the EU. It therefore protects us and our data. That's great!
Penalties for infringements of the GDPR
In case a company does not work in line with the GDPR, penalties will be awarded. If an organisation does not comply with the regulation, fines will be increased (up to 20 million Euros or 4% of the company’s annual global turnover).
Principles of the GDPR
In order to get a general idea, you find some important principles of the GDPR below:
- Appropriation
Only data that serve the purpose for which they were collected may be processed. So, if you have collected data on topic X, you may not simply use it for other purposes. - Data correctness
Collected data must be factual and accurate. - Prohibition subject to authority approval
Personal data can only be collected with explicit permission (consent of the affected person). - Data security
A level of data protection must be ensured. - Right to be forgotten
As a company that collects customer data, you are required to delete the customer data upon request. - Right to access
Customers must be able to access their data at any time. - Right to be informed
It is important to inform customers what exactly happens to their data, for what purpose it is collected, how long it is stored, etc.
Mobizon and the GDPR
Here we go
- Add a general terms and conditions field to inform your customers why, how, and for how long their data will be stored and get their consent
- Deletion of personal data upon request.
- Opt-in with two-factor authentication (2FA): two different, but related methods for identifying a person: verified data.
- Unsubscribe link.
- Possibility to change the data afterwards.
Please note that the information provided does not constitute legal advice. It is merely an attempt to shed some light on the subject.
More official information about the GDPR you can find here:
- https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
- https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679#d1e2254-1-1
Test all of our products
30 days for free
