No reason to panic!
EU General Data Protection Regulation
- Last updated
- Reading time
- Category Company news
6 Possible applications for GDPR-compliant processes
It entered into force on 25 May 2016: The General Data Protection Regulation -GDPR. Now, two years later, it will come to force and replace the existing Data Protection Directive 95/46/EC. It will not completely change the data protection law within the European Union, but it will further tighten and standardize it. In practice, this means a considerable effort for all those who work with personal data.
For companies, new transparency and information obligations are derived from this, which must already be taken into account when introducing or exercising new technologies or working methods (privacy by design/by default). You must therefore document exactly which data is stored in a process by a person, who can call it up and delete it if necessary and prove that these steps have been taken. Violation of the new requirements could result in severe penalties of up to EUR 20 million or 4 percent of total global annual sales. Compliance is monitored by the EU data protection supervisory authority and the courts.
Digital tools and technologies based on digital processes and comprehensive workflows can help to reduce manual additional work and costs. Conversely, automation creates traceability and security for all involved. We have selected six examples of GDPR-compliant digital processes with JobRouter® to illustrate this added value.
GDPR - Short facs
This Regulation lays down „rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data“ (Art. 1 para. 1 GDPR) and thus „protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.“ (Art. 1 para. 2 GDPR) and the free "movement of personal data" (Art. 1 para. 3 GDPR). These provisions apply equally in all EU member states and thus supersede existing regulations. Therefore, the GDPR is directed to all those who access, process or store information provided by EU citizens. Furthermore, any data traffic concerning data from the EU may only be stored on servers within the Union.