EU General Data Protection Regulation
in less than 5 minutes

Legal requirements | 04. DEC 2017

As of May 25, 2018, the new General Data Protection Regulation (GDPR) will apply. The regulation’s aim is to protect natural persons with regard to the processing of personal data and to govern the free movement of such data.

New consumer rights, their enforcement and sanctions

The GDPR clearly promotes consumers’ information and disclosure rights, as well as the right to be forgotten. In exercising these rights, citizens are supported by newly defined, internationally cooperating regulators that hold a great deal more authority and wield more appropriate means of enforcement than the existing data protection supervisors do. Businesses in particular are subject to debilitating fines in the double-digit millions, or up to 4% of their global returns from the past fiscal year.

Business and organization obligations

Businesses with more than 250 employees must maintain detailed records documenting all personal data processing activities. All companies must exercise data economy and earmarking when collecting data. In addition, information and disclosure obligations must give customers transparency about where personal data comes from, why it is stored and processed, and for how long. The new demand for data portability also requires that all of a company’s personal data is machine-readable upon transfer.

Furthermore, the GDPR also includes an accountability principle with respect to customers. Companies must prove their compliance with regulations concerning personal data processing. Otherwise, they are subject to the heavy fines mentioned above.

No matter which rules and processes apply to your specific company, all businesses should keep in mind that the right of access by the data subject (Article 15) is usually fulfilled by electronically transferring a copy of the existing personal data. However, the personal data being transferred must be protected. The required integrity and confidentiality in electronic communication can only be attained with encryption.

Zertificon’s Z1 SecureMail Gateway makes it very easy to exchange personal data with every email address in a fully GDPR-compliant manner.

Source: Regulation (EU) 2016/679 of 27 April 2016
