On May 25, 2018, the transitional period comes to an end and the EU-GDPR will be mandatory throughout the European Union. No reason to bury your head in the sand. Instead, you should create the prerequisites for successful implementation, step by step – with a good plan and realistic approaches. We have summarized the most important points for you here.
Four fundamental measures
Identify which personal data are held where in your company, and whether they are kept on paper or stored digitally.
Establish data models, automated processes, and workflows in your IT systems that put you in a position to tell data subjects which of their data are stored in your company and how.
Implement data protection management in your company's IT systems and monitor it, for example by reviewing your access and authorization concepts.
Last but not least, keep monitoring the requirements of the EU-GDPR continually and carefully.
What is the goal?
The goal is protecting people against the risks of data protection breaches. This applies to both paper-based business processes and digital data processing.
To that end, data subjects now have the right to learn which of their data you retain and how those data are stored in the company's IT systems. Under certain circumstances, data subjects may request that their data be blocked (restriction of processing) or deleted. But even without a request from the data subject, companies must delete such data once the purpose for which they were collected no longer applies.
Monitoring and penalties
Compared to previous regulations, the sanctions companies can expect for violating data protection law have expanded significantly. Beginning May 25, serious violations of the EU-GDPR can cost companies up to 20 million Euros or four percent of their total annual worldwide turnover, whichever is higher – and, in theory, per violation.
Companies are accountable and bear the burden of proof. Documentation such as the register of processing activities and data protection impact assessments must be presented to the supervisory authority on demand. In other words, the company must be able to demonstrate that the data have been processed correctly.
How do IT systems help you to be in compliance with the EU-GDPR?
Privacy by Design
Privacy by Design means data protection built into the technical design. In order to become or remain GDPR-compliant, you need a system that lets you implement the requirements technically. Required processes (deletion periods, for example) must already be set up during implementation, so that the guidelines are maintained as automatically as possible within the company rather than depending on someone remembering to act.
Privacy by Default
Privacy by Default, on the other hand, describes the technical settings of an IT system in its "delivery state": the defaults must not violate data protection, because settings that do would later have to be painstakingly corrected in every installation.
With EASY SOFTWARE, you can count on it.
In short, introduce automated processes to your company with EASY.
GDPR-compliant with EASY SOFTWARE
Document management systems can help you, because they let you control where personal data are stored in your company and who has access to those data. With the right data model, the "identification" step is quickly handled.
A DMS also lets you specify standard deletion periods in a short time. In a second step, you can then refine the deletion periods that need to be set up individually.
For example, our product EASY Archive Smart essentially permits GDPR-compliant operation. To achieve it, you configure the relevant scenarios and connected IT systems – this can also be done later – so that personal data are archived in compliance with the GDPR.
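The two mechanisms described above – purpose-bound deletion periods that run automatically (Privacy by Design) and the ability to answer a data subject's access or erasure request – can be sketched in a few dozen lines. The following is an added example written for this page; it is not code from EASY SOFTWARE or from any real DMS. The data model (`Record`), the `RETENTION_DAYS` table and the sample records are constructed for illustration, and the retention periods are assumed values: real statutory periods come from legal review, not from this table.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed sample data model (assumption: not any product's real schema).
@dataclass
class Record:
    record_id: str
    subject_id: str
    system: str                        # where the data lives (DMS, CRM, mail archive ...)
    category: str                      # e.g. "contact", "invoice"
    purpose: str                       # processing purpose the record is bound to
    purpose_ended: Optional[date] = None   # None = purpose still applies
    restricted: bool = False           # processing blocked instead of deleted

# Days to keep a record after its purpose ended. Hypothetical values for
# illustration only; the real periods depend on jurisdiction and legal basis.
RETENTION_DAYS = {
    "newsletter": 0,            # delete as soon as consent / purpose ends
    "customer_support": 90,
    "accounting": 10 * 365,     # assumed statutory retention for financial records
}
# Purposes whose retention is a legal obligation: an erasure request cannot
# override them, so the record is blocked (restricted) until the period runs out.
STATUTORY = {"accounting"}

TODAY = date(2024, 6, 1)        # fixed "today" so the example is reproducible


def sample_records():
    """Constructed sample data for one subject with three records, plus one other subject."""
    return [
        Record("R-1", "S-1", "CRM", "contact", "newsletter", date(2024, 1, 10)),
        Record("R-2", "S-1", "Ticketing", "ticket", "customer_support", date(2024, 3, 1)),
        Record("R-3", "S-1", "DMS", "invoice", "accounting", date(2023, 12, 31)),
        Record("R-4", "S-2", "CRM", "contact", "newsletter"),   # purpose still active
    ]


def access_report(records, subject_id):
    """Answer to a data subject: which data, in which system, for which purpose."""
    return [
        {"system": r.system, "category": r.category,
         "purpose": r.purpose, "restricted": r.restricted}
        for r in records if r.subject_id == subject_id
    ]


def retention_expires(record, policy=RETENTION_DAYS):
    """Date from which the record must be deleted, or None while its purpose applies.
    Fails closed: a purpose without a retention rule is a configuration error,
    not a reason to keep the data forever."""
    if record.purpose_ended is None:
        return None
    if record.purpose not in policy:
        raise ValueError(f"no retention rule configured for purpose {record.purpose!r}")
    return record.purpose_ended + timedelta(days=policy[record.purpose])


def due_for_deletion(records, today, policy=RETENTION_DAYS):
    """Records whose deletion period has run out, independent of any request.
    This is the job a DMS would run on a schedule (Privacy by Design)."""
    due = []
    for r in records:
        expires = retention_expires(r, policy)
        if expires is not None and today >= expires:
            due.append(r.record_id)
    return due


def handle_erasure_request(records, subject_id, today, policy=RETENTION_DAYS):
    """Erase what may be erased; block what a statutory period still requires.
    Assumption for this example: the request ends every non-statutory purpose
    immediately, so those records are deleted without waiting out their period."""
    remaining, erased, restricted = [], [], []
    for r in records:
        if r.subject_id != subject_id:
            remaining.append(r)
            continue
        expires = retention_expires(r, policy)
        if r.purpose in STATUTORY and (expires is None or today < expires):
            r.restricted = True          # keep, but block further processing
            restricted.append(r.record_id)
            remaining.append(r)
        else:
            erased.append(r.record_id)   # caller deletes these from the source system
    return remaining, erased, restricted


if __name__ == "__main__":
    recs = sample_records()
    print("access report S-1:", access_report(recs, "S-1"))
    print("due for deletion on", TODAY, ":", due_for_deletion(recs, TODAY))
    remaining, erased, restricted = handle_erasure_request(recs, "S-1", TODAY)
    print("erased:", erased, "restricted:", restricted)
    print("still stored:", [(r.record_id, r.restricted) for r in remaining])
```

Two points the paragraph alone does not show: the scheduled deletion run and the erasure request are separate code paths, because the first must happen without anyone asking; and the erasure path distinguishes records that may be deleted from records a statutory period still requires, which are blocked rather than deleted. The policy lookup raises on an unknown purpose on purpose, so a record bound to a purpose nobody configured surfaces as an error instead of silently being kept indefinitely.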