General Data Protection Regulation
The new regulation 2016/679 on the protection of personal data, applicable from 25th May 2018, defines the rights and obligations regarding the gathering, processing and movement of EU citizens' personal data.
Usually known by its initials, GDPR, the General Data Protection Regulation is a directly applicable regulation that aims to ensure a high and coherent level of protection, equivalent in all member states, and extends to organizations outside the EU that work with EU citizens' personal data.
With globalization happening as fast as ever, personal data gathering has seen a significant increase and has become a critical part of an organization's activity, whether in a marketing and sales context through a CRM, in the simple archiving of personal data for later use, or in the transfer of data to a third party, including to locations outside the EU.
In an organizational context, personal data about workers, clients and suppliers is covered by the regulation, with special consideration given to sensitive data, such as medical and biometric information, and children's data.
This creates a new challenge for organizations, since they now have the responsibility to manage personal data in a much more responsible way in order to guarantee GDPR compliance.
GDPR compliance solutions
The defined rules have legal, functional and technological implications with a direct impact on the way the organization gathers and processes personal data.
In order to be compliant with the GDPR, an organization has to follow the regulation's rules when it comes to personal data processing. Thus, an organization needs to know what is going on with the personal data, namely:
- what personal data exists;
- where it is;
- how it is accessed;
- who has access to it;
- what is done with it.
This assessment forces the organization to take action and correct the processes that involve personal data processing in order to achieve GDPR compliance.
The defined rules have legal, functional and technological implications; they even define a new accountable figure, the Data Protection Officer (DPO).
The DPO is the person with top responsibility in the organization for the control of personal data activities and is the point of contact with the supervisory authority.
Hexónio understands the GDPR
Hexónio Consulting, with legal support and consultants certified in this regulation, offers organizational analysis services with the goal of identifying the corporate processes whose features require adaptation to comply with GDPR.
To simplify the DPO's daily work, here is the SaaS solution DPO Agenda.