During the last months it appears that the biggest concern of the companies is the EU Regulation 2016/679 issued by the European Parliament and European Council on 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), either by rushing to obtain, no later than 25 May 2018, the consent of different natural persons with whom the company had a relationship at a certain time, with a view to maintaining this relationship, or by focussing on the implementation, in one way or another, of GDPR, after 25 May 2018, but in a more relaxed way, given the fact that the deflagration called GDPR enforcement has not happened yet.
This tension was and it still is, generally, the result of GDPR provision of the maximum limit of fines which may be applied in case of failing to observe the requirements of this normative act, which more likely seem to be without limit.
But, if GDPR is analysed as a whole, we may observe that these fines cannot be applied without a careful investigation, the lack of which represents an abuse in enforcing any sanction.
Moreover, beyond the fact that GDPR does not change the foundation in the field of Data Privacy, this normative act brings in fact a series of benefits and advantages.
Therefore, GDPR was adopted by the European Parliament in April 2016 and starting 25 May 2018 it shall be applied to all companies processing and holding personal data of natural persons – EU residents, regardless of the place the company is located. This was designed in order to:
- ensure the standardisation of data confidentiality in Europe,
- protect the confidentiality of citizens’ data, and
- remodel the way the companies within the region think and enforce the data regarding confidentiality.
Therefore, in a world where even young children are using a smartphone, respectively the social networks, it can only be appreciated such a policy of raising awareness in respect of the disclosure and use by different persons of our personal data.
We are not insisting on the positive aspect from the point of view of natural persons protected by GDPR, each reader falling into this category and being able to easily understand this endeavour which practically represents a legislative concretisation of the technological developments.
To deny this aspect means, for instance, to deny the benefits of the legislation passed in the field of Consumer Protection, i.e. to send again telegrams even if we are one second away from hearing live the voice of the interlocutor.
Therefore, walking through the comparative lead, many benefits shall be later felt.
However, we appreciate that, at least for the moment, also from the perspective of companies, there can be considered the following positive aspects of applying GDPR, underlying applying because GDPR came into force, as stated above, even from 2016, when practically it was possible, but not compulsory to adopt measures in accordance with GDPR provisions.
As such, by applying GDPR you can obtain the following:
- trust, honesty and loyalty of clients to the company brand,
- a new start – being the beginning of an era really oriented to the clients, the brands can reinvent based on the wishes of their clients,
- efficiency – GDPR requires that the personal data is not kept more than necessary, and therefore, the instinct is to find at least a legal base to process (even the simple storage of personal data is
- circumscribed to the processing activity) the personal data already obtained, but is this profitable as long as certain persons do not contribute in any way to the growth of the company?!
Reviewing the situation from another angle, we also identify some negative aspects, respectively:
- costs – if in the structure of your company’s activity there are no risk evaluations or audits to prove the compliance with other domains, such as quality, health and safety or security of information, it is
- normal that the implementation of GDPR to incur costs, sometime significant,
- time and effort – the implementation of GDPR provisions involves certain efforts for a certain period if you have neglected the organising of processing or merely due to new technical measures which can
- be implemented with a view to provide a personal data high security level.
- winding up companies with an ultra-conservative approach – such companies ,which are not big fans of competition, shall lose the capacity to use the personal data, as there most valuable asset.
Apart from these, the implementation of GDPR requirements shall improve the business process, making the company more efficient and bringing a competitive advantage.
If you decide to appoint an external organisation to manage the implementation of GDPR provisions, we can assume this role. We shall effectively become part of your team only until you acquire the necessary knowledge to perform an activity according to GDPR without our help.
We can start by elaborating a project to implement GDPR.