What is GDPR? Get a grip on requirements and rules here

What is GDPR?

GDPR stands for "General Data Protection Regulation", but is often referred to as the Personal Data Regulation. It is an EU law that covers countries that are members of the EU. The purpose of the GDPR regulations is to promote companies' protection of personal data, e.g. information about employees and customers.

However, it can be difficult to understand the many GDPR rules, especially if you have a small business. Most companies also find that they have limited knowledge of the rules, which is quite natural, as the GDPR rules can be complex and abstract.

Therefore, in this article, we will make you aware of the following topics within GDPR:

  • When your company is covered by the GDPR regulations
  • What the main GDPR rules entail
  • Why it is crucial to have a handle on the GDPR guidelines

When is my company covered by the GDPR regulations?

All companies that regularly process personal data are covered by the GDPR legislation. For example, your workplace is covered by the GDPR guidelines if:

  • You have employees
  • Your customers are private individuals
  • Your customers are personally owned businesses
  • You have a website where you track the behaviour of the visitors

 

What are the main GDPR rules?

The GDPR regulations must promote companies' protection of personal data. The workplace must, among other things, make sure to document how personal data is processed and whether it complies with the legislation.

All GDPR rules are important, but there are 5 rules that you should pay particular attention to:

1) You must keep a record:

Here you need to form a clear picture of how many places/platforms you store information about your buying customers in, e.g. the inbox, outbox, CRM system, newsletters, bookkeeping system or chat system.

In addition, it must be clarified how long you store this information.

The information must be noted in the 'list'. The purpose of the list is to give your company an overview of the personal data that is processed.

All processes that deal with personal data must be mapped and documented in the register, and updated continuously when changes are made to the processing of personal data.

2) Document that the legislative principles for good data processing are complied with:

There are 7 principles here, namely:

1. Accountability
2. Purpose limitation
3. Data minimisation
4. Legality, fairness and transparency
5. Integrity and confidentiality
6. Storage limitation
7. Correctness

 

You can read more about the 7 principles at ico.org.uk

 

3) Document that your company has introduced appropriate technical and organisational measures

4) Inform customers and employees about how their data is processed

5) It must be possible to prove that the workplace complies with the legislative guidelines, for example if consent is used

 

 

In addition to the above 5 rules, there are other important topics that your workplace must manage, e.g.:

  • A risk assessment of the processing of personal data must be prepared

  • Your company must enter into special agreements on data protection with its data processors

  • The workplace must supervise its data processors

  • Your company must also comply with the rights of customers and employees

Why is it important to keep track of GDPR?

It is crucial that your company has a handle on the GDPR rules, as the rules are legislation and failure to follow the guidelines can result in large fines for your workplace. The topics below clarify why this matters:

Legislation: The GDPR rules are legislation, which is why they must be complied with

 

 

Brand: It is important that you signal to your customers and business partners that you have familiarised yourself with the GDPR rules. It will make you and your workplace appear more professional and thus more interesting to buy from or work with

Security: As previously mentioned, the GDPR rules deal with security and how your workplace secures the personal data of customers and employees. In this way, the GDPR rules can also create safety frameworks regarding data security

Documentation: Your workplace must be able to document that it complies with the guidelines of the GDPR legislation

An overview of business processes: GDPR regulations do not have to be all about data protection. It can also be an opportunity to acquire an overview of workplace processes. In this way, you may be able to streamline work routines

Communication: It is important that all employees in the company know the rules so that the workplace can communicate with customers and business partners. Therefore, it is also essential that middle managers and the owners have a thorough knowledge of the set of rules, so that they can communicate with their employees in the best possible way

Customer rights: Your customers have a number of rights regarding GDPR and your business must be able to accommodate these rights. An example of this could be the right to "be hidden away". This right means that your company must delete or anonymise selected customer data, after which the information can no longer be obtained

Fines: There can be major financial consequences if your workplace does not comply with the GDPR rules. The EU has decided that the fines should have a deterrent effect, which could mean that more companies comply with the GDPR guidelines. A company can risk a fine of up to 20 million euros or 4% of global turnover. In addition, the person responsible for a GDPR violation can be imprisoned
