The world is on the verge of a new age of digital safety. May 25, 2018 is the date when the EU's General Data Protection Regulation becomes enforceable. The GDPR requires all commercial entities that handle the personal data of EU citizens to manage, store and protect it properly. The GDPR replaces the outdated Data Protection Directive, which had been in use since 1995 and did not match real-life conditions.
The GDPR applies to any information relating to a person’s private, public and professional life, now including not only basic information (name, address, ID numbers) but also IP addresses, cookie files, settings, photos, racial, ethnic, health, genetic and biometric data, as well as sexual orientation and political views.
The new rules establish a person’s right to have his/her data deleted completely from any commercial storage on request. All business entities are now obliged to ask for permission to collect and process personal data, and the amount of information requested from the customer should be minimal.
Who really benefits from the GDPR implementation?
The EU General Data Protection Regulation has come as an answer to the changes that have affected privacy in the digital age. The risk of a data security breach is named among the main concerns of Internet users around the world. People are afraid of losing money and being caught up in scams because of stolen ID data, and have therefore become meticulous about personal information security. The new conditions of the European Union data policy oblige both domestic and foreign companies to comply with the set of “digital rights” granted to EU residents.
On the one hand, the new rules are stricter about the handling of personal data and the penalties for violating them; on the other hand, the GDPR gives international companies clear and harmonized data-protection regulations throughout the EU. As stated in the legislation, any business collecting or processing personal information of EU citizens must comply with the new regulation regardless of its location.
The responsibility of the parties involved in data processing is the next important innovation: the GDPR places equal responsibility for data protection on all processing partners, not only the companies owning the data but also their cloud providers, payroll service providers, SaaS and other vendors. Everyone involved in data processing will be liable for penalties even if the fault lies entirely with one of the partners. Therefore, all contracts with processors and customers must be revised according to the regulation’s demands.
OK, but should ordinary software users be GDPR compliant?
According to some surveys, online retailers, the technology sector, software companies, and financial and online services are among the industries most impacted by the GDPR. For the majority of companies, GDPR compliance would mean hiring extra staff to maintain and monitor personal data records. Ordinary customers of digital services are strongly advised to check those services' GDPR compliance and look for alternatives if needed.
We at CleverStaff ATS are responsible for personal data protection as a cloud-based software provider, so we are GDPR compliant as well. Our team has already made all the necessary updates to our internal processes regarding security, along with reviewing our encryption methods to verify that they fully satisfy the new requirements. We have also requested GDPR compliance from all our technical suppliers, thus we can guarantee the same to our users.
Your friends from CleverStaff