What Is GDPR and Why It Matters?

The phrase “data is the new gold” couldn’t be more true than it is now. We’ve talked and heard lots of things about the upcoming data protection policy changes over the past few years. Finally, the time has come. Starting from May 25, 2018, the General Data Protection Regulation (GDPR) comes into power, which will have a serious impact on the way that companies deal with the data of their employees and customers.

The adoption of the GDPR means strengthening the European privacy protection policy. It applies to both EU and non-EU processors of personal information. For instance, if an Asia- or US-based organizations want to conduct ecommerce in the European Union (which presupposes processing some amount of personal data like names, credit card information, address), the GDPR is applicable to it as well as to all EU-based companies. Furthermore, it applies irrespective of whether or not a payment is required, as with most of Google’s services, Instagram, and Facebook.

What is GDPR?

GDPR is a law that aimed to improve the protection of rights of the EU data residents by regulating what organizations that process personal data must do to keep this data secure. It replaces current legislation regarding data privacy in countries of the European Union. However, unlike the today’s legislation, GDPR is far more precise and detailed in certain areas, and considers the rise of data privacy risks as well as all other challenges in the rapidly evolving digital community.

What’s new?

From now on, any organizations that process personal data will have to document all the processings and ensure they are lawful by checking if necessary agreements are in place, providing information on data security procedures and documenting their existence.The processing operation (everything that is done with personal data by a company) should be related to either:

the monitoring of the offering of goods/services as far as it takes place within the EU
the offering of goods/services even if no money or monetary transactions are involved

Briefly about GDPR

Allows for massive penalties for data breach
The “privacy by design” principle = all current workflows and processes will need to be rebuilt
The need to appoint data protection officers in all companies
The “right to be forgotten” principle. Respect for requests to erase or delete data permanently
Data should be stored via open file formats
Companies will need to get clear consent from individuals for their data to be collected, and explain the purpose

In brief, the GDPR creates new obligations for those who process data as well as many new rights for ordinary users.

Note: the GDPR has implications for all organizations no matter their size. In other words, the GDPR applies to ALL companies, even if they do not initially work in the EU and/or with European customers. Which is why companies of all sizes must begin planning now in order to put all necessary processes in place.

Why GDPR is important?

Nearly every organization is processing some amount of personal data on a regular basis. In order to apply the new EU data protection principles, both the EU and non-EU residents will have to reconsider their data management methods to avoid bad publicity, massive new fines, and thereby stay compliant.

Note: in addition to the implementation of the GDPR principles in the company, you will need to create a static page for users containing the company’s GDPR rules.

If a company demonstrates to its partners and clients to be data protection and privacy responsible and aware, they are more likely to have a long-lasting relationship with them. At Loonar Studios, we are aware of the importance of the GDPR and which is why we take it very seriously. For us, it is crucial to protect the personal information and privacy of our partners, employees and customers. GDPR compliance is a must for our reputational image as well as business practice.That is why we have already implemented the GDPR principles into our company. What about you?