Securing personal data will be subject to a new regulation starting next year (from May 25, 2018, to be precise). Under the acronym GDPR, the new regulation will concern all companies, institutions and individuals who work with personal data in any way.
Due to the fact that our translation company works with personal data (of employees, business partners, suppliers…), we are carefully getting ready. Moreover, one of the pillars of our translation company is absolute discretion in regards to such data.
So what is GDPR? Does it concern your company? And do you need to deal with it? Read on to get answers to those questions and more.
GDPR (General Data Protection Regulation) is a regulation of the European Parliament and the EU Council No. 2016/679 from April 27, 2016 on the protection of individuals in regards to processing personal data and the free movement of this data and on the cancellation of directive No 95/46/EC (the General Regulation on the Protection of Personal Data) – you can find the complete version in the official documentation.
What’s important is that this is not merely a recommendation, nor a voluntary adoption of new policies in the processing and protection of personal data – this is a binding regulation that must be respected and aligned with.
The Individual Member States of the European Union will, consequently, have to amend their personal data protection laws in order to comply with this regulation.
Mainly this concerns the right of access, rectification, erasure, the right to be forgotten, the right to limit processing, the portability of data and, last but not least, the right to object. You could say that this regulation will give EU citizens far more control over the way their data is handled.
GDPR is mainly concerned with large processors of personal data. But anyone who works with personal data for business purposes, including small businesses and even individuals, will also need to abide by it. From our point of view, it is correct that both the European Parliament and the European Council dealt with this matter, and subsequently issued a meaningful legislative document. Both in content and in force, in regards to sanctions. Perhaps you still remember the recent scandals concerning the giant leaks of personal data from databases of the FBI and from Yahoo. The new regulation aims to prevent similar cases in the future.
Many people do not realize how much of their personal data companies or institutions have and how it is handled. With the help of GDPR and the related national laws, EU citizens will have more rights and will be able to better protect their personal data.
The GDPR regulation is quite extensive and detailed, it doesn’t make sense to go into too much detail about it here. It is important to mention, however, that among common personal data (such as a name, or an address), GPRD also incorporates data such as email addresses, IP addresses, cookies, biometric data, signatures, etc.
It is imperative that not only every company and institution, but also every individual working with personal data revise their methodology and procedures in a way that conforms with the requirements of GDPR. This regulation proposes very high fines for the violation of or noncompliance to the requirements of GDPR, up to the amount of 20,000,000 Euro, or 4% of the company’s total annual turnover. That said, individual states will probably adjust the maximum amount.
Companies that carefully guard the personal data of their employees, business partners, or suppliers, will certainly enjoy the increased trust if they abide by the rules of GDPR. Institutions that manage personal data will be forced by law, to also abide by GDPR.
We’ve always taken the safety of data very seriously, and our clients, employees and suppliers know that we are 100% discrete. Personal data is a very valuable asset for every company, and we believe it is vital to closely guard it. At ZELENKA, we deal with data protection with the utmost care and we’re convinced that we have everything arranged in accordance with current laws and directives.
Nonetheless, GDPR brings about new requirements, so even we are starting to revise our documentation and methodology so as to be fully ready for May 25, 2018, when the General Data Protection Regulation comes into effect.