The harmonisation of the policy for use of data by companies represents a challenge and a heavy workload. thg has the necessary qualifications and offers practical solutions to SMEs that will allow them to adapt their internal procedures and to transform the obligations of the new regulation into many new opportunities.
Everyone is affected
The GDPR gives everyone the right to know who has collected which data about them, and how this data is used. Another strong point of the new regulation: it applies not only to companies based in the EU, but also to all the American giants (GAFA and others). They can no longer invoke the applicable laws in their country to ignore the EU regulation.
In case of non-compliance with the GDPR, a fine of up to 4% of the global annual revenue of the company may be imposed. Any person, competitor or consumer protection association can file a complaint and claim damages. As for the national control authorities, they can limit the processing of data.
Some people are pleased with the reform, others consider it paternalistic. Regardless, it is imperative that the company adopt the necessary measures to comply with the regulation. Our IP/ICT solutions department can assist you in this mission and assist people who want to exercise their rights.
Your colleagues are also citizens
The GDPR establishes new rights for citizens... some of whom are your employees. Some examples: the right to explicit consent, the right over the use of data, the right to access and rectification, the right to be forgotten, the right to object. This creates certain obligations for the companies (and they are numerous!) that process internal and external personal data.
The principle is that a company is responsible for the processing of data and that the protection of this data represents the norm. As a consequence, the company must keep an up-to-date register of data processing, take organisational and technical measures to protect this data and implement the necessary protection mechanisms; for example, to prevent data leaks or to protect data during a transfer. Companies must also evaluate and document the impact of data protection on their own activity. In some cases, they are obliged to designate a Data Protection Officer (DPO).
Taking advantage of opportunities
The GDPR may give the impression of being an expensive headache in terms of human and financial investment. However, it offers a certain flexibility (notably a more targeted commercial utilisation of personal data) and contributes to reinforcing the trust between clients and companies. It must be noted that the differences between countries have been abolished: good news for the companies that operate across borders.
Overview of measures to be taken:
- Designate, in some cases, a person within the company who is responsible for the protection of personal data
- Collect and list the current processing of personal data, notably that of your clients and employees
- Adopt a policy of awareness and evaluation of the risks
- Establish a list of priorities
- Organise and adjust internal processes, and adapt existing contracts
- Ensure regular follow-up and documentation
Actively manage your data
The GDPR contains a certain number of risks that may put the reputation of the company in jeopardy or could cause heavy fines in case of non-compliance. Fortunately, it also offers the possibility of obtaining commercial advantages by actively managing your client data and by reinforcing the trust binding you to your clients.
Questions? Contact our IP/ICT Solutions specialist to obtain more information: