What you should know about the new GDPR
In April 2016, the EU Parliament approved the new General Data Protection Regulation for all EU countries, and the GDPR will become effective on 25 May 2018. We outline the concrete changes introduced by the GDPR and provide background on the EU regulation.
What is the objective of the GDPR?
The reason for a new data protection regulation is, above all, the market situation, which is driven by people’s data and personal information. The GDPR comes into force in order to protect citizens from abuse and data protection violations. The GDPR is intended to give companies’ data processing the required transparency, to require the accuracy of the data and to limit the storage of the data.
Another objective is to harmonise data protection laws across the European countries. The handling of data and the protection of privacy in the EU region are to be covered by this single regulation.
Who is affected?
The organisations concerned include all companies that collect or process personal data and that work with EU companies and citizens or do business with EU citizens. This includes all suppliers outside the EU who offer their products and services to EU citizens. In principle, every organisation that collects data from EU citizens or cooperates with EU organisations is affected.
What is new?
The new Data Protection Regulation is an extension of the Data Protection Directive 95/46/EC and specifies how personal data are to be processed. Companies are required to provide documentation and measures, such as an impact assessment or the documentation of data processing. It also protects citizens from complex documents and requires companies to draft their data protection policies in clear and simple language rather than in difficult legal language. Companies with at least ten employees are obliged to appoint a data protection officer and to report this to the competent authority.
What happens if the GDPR is violated?
If companies do not comply with the Data Protection Regulation, sanctions and fines of up to €20 million or 4% of annual global turnover, whichever is higher, may be imposed. The new regulation also extends the claim for damages of affected persons to non-material damage. In addition, companies are obliged to report to the competent authority as soon as a data breach has been identified.
How important is a management system such as Symbio for the GDPR?
By managing the documents and maintaining the requirements in a management system, companies ensure that the requirements of the EU GDPR are met. With a management system such as Symbio, companies present their data protection activities transparently and are ready for the audit. The documentation of risks and control steps is a key element of the audit for meeting the requirements of the GDPR.
In Symbio you cover the requirements of the EU GDPR for risk management end to end and efficiently integrate risks and controls into your data protection processes. Data protection processes and data processing can be mapped transparently in Symbio, thereby meeting the requirements of the GDPR. In Symbio you link your processes with the guidelines of the GDPR and store all specifications directly in the relevant process steps. Monitoring and controlling these processes ensures that your company complies with the guidelines.