
Data Privacy Is About To Get An Overhaul

Beginning 25 May 2018, any European company that manages personal data will be required to comply with the new European General Data Protection Regulations (GDPR). These regulations will replace the Data Protection Act of 1998, and increase the privacy rights of individuals, as well as businesses of all sizes.

The GDPR are designed to ensure that individuals have more control over how their personal information is utilized, shared and stored. This includes private, professional or public data of any form, including details such as name, email address, bank data, IP address, images, social media posts, and medical information.

GDPR compliance is mission-critical

Non-compliance with the European GDPR will result in stiff penalties, depending on the duration of the infringement and the level of impact. For serious breaches, fines of up to €20 million or 4% of global turnover, whichever is higher, may be imposed. This turns compliance with the new GDPR into a critical task for many businesses.

A timely transition

With the growth of the Internet and wide usage of cloud technologies, as well as the associated data breaches, there was a real need to modernize the EU Data Protection Act in order to give companies clear guidelines on how they may gather, share and store personal data in today’s Digital Age. The new regulations also aim to streamline the privacy rules across the EU Member States, giving all citizens equal rights, regardless of the country in which they reside or do business.

New Guidelines

The new regulations impose specific obligations on businesses in relation to personal data. These include:

  • One-stop-shop extended jurisdiction – The regulations will apply to any company collecting and/or processing personal data of any EU citizen, regardless of where the company’s physical offices are located.
  • Explicit consent – Organizations will be required to obtain individuals’ consent to store and use their data, and to provide proof that consent was given.
  • Right to access – Companies must be able to provide electronic copies of private records to individuals who request information on what personal data is being processed, where that data is stored and for what purpose.
  • Data elimination – Companies must have the ability to delete every instance of an individual’s data in compliance with the right to be forgotten, including backup data. EU citizens can also request that their data is no longer shared with third parties – who are then also obligated to stop processing it.
  • Data portability – Upon request, organizations must be able to provide an individual’s personal data in a ‘commonly used and machine-readable format,’ so that individuals will be able to transmit their data to another data processor.
  • Data breach notification – Organizations must notify the supervisory authority within 72 hours of discovering a serious security breach.
  • Data protection by design – Now a legal requirement, companies must build security into products and processes from the start.
  • Data protection officers (DPO) – A DPO, who can be either a contractor or a staff member, must be appointed in organizations with relevant volumes of data flows or a significant size.

More information about these guidelines can be found in Preparing for the GDPR – 12 Steps to Take Now issued by the Information Commissioner’s Office (ICO), the body responsible for the enforcement of the GDPR.

In short, start preparing now!

GDPR will have a far-reaching impact on many businesses, as a wide range of data is subject to these new regulations. Companies will need to look carefully at data stored in their Customer Relationship Management (CRM) systems; bookkeeping, payroll, and accounting systems; captured marketing data; emails and correspondence, both internal and external, as well as any other systems containing personal data of any sort.

Businesses operating within the EU must clearly understand the new regulations, and take specific actions to ensure compliance. Actions include reviewing the company’s data processing activities and identifying any gaps in GDPR compliance. Companies may be required to change long-standing processes, upgrade tools and implement new technologies.

If you have business operations in the EU and need help preparing for the upcoming GDPR, or would like to learn more about automating your financial processes, VATBox can help. VATBox, an automated, enterprise-wide, cloud-based VAT recovery solution, has successfully streamlined the global VAT recovery process, providing businesses with unrivaled visibility, compliance, and data integrity, and ultimately boosting their bottom line. VATBox is in full compliance with the GDPR act. Since the GDPR is both the strictest and the most encompassing of all country-specific EU Data Privacy Laws, it is taken as the baseline for compliance. Effectively, by adhering to guidelines provided by BDSG and complying with all of its requirements, VATBox complies with all EU Data Privacy directives. Let us show you how your company can thrive in today’s complex financial times: request a free demo here.

The post Data Privacy Is About To Get An Overhaul appeared first on VATBox.



This post first appeared on Top 10 Bleisure Destinations In Europe; please read the original post here.
