From the 25th of May 2018, the EU General Data Protection Regulation (GDPR) will change how personal information is collected and processed within the European Union.
In this article, we will provide a brief overview of GDPR, and how it might impact ApprovalMax and our customers.
Please note: This article is provided as a resource. It is not legal advice. We encourage you to speak to a legal professional to better understand how GDPR may affect your organization.
8 GDPR Questions You Need Answered
1. When and where does GDPR come into effect?
GDPR is a European Union (EU) privacy law that will affect businesses around the world when it comes into force on May 25, 2018.
2. Who will it affect?
Any organization that collects, changes, transmits, erases, or otherwise uses or stores the personal data of EU citizens will need to comply with the GDPR.
3. What does it mean for companies and customers?
- Companies need to ask customers for their data in a clear and accessible way.
- Customers will have the right to ask organizations to delete their data.
- Customers will be able to ask for information on how and why their data is being processed.
- Customers will also be able to request copies of their data in a machine-readable format.
- If data has been breached, companies must inform customers within 72 hours.
4. Is this a new regulation?
The GDPR will replace older directives on data privacy: Data Protection Directive (1995) and ePrivacy Directive (1998).
5. What does it mean for Data Controllers & Data Processors?
While the definitions have not changed, it’s important to be aware that the responsibilities of both have. Under the GDPR, member firms will still be data controllers with regard to their firm’s data.
It also brings a change in the rules if you’re a data processor, processing personal data on behalf of another business. You’ll have more direct compliance responsibilities than under the current law. This is a complex area and legal advice may be required.
6. What is ApprovalMax doing to prepare?
Here at ApprovalMax, we’re very excited about the GDPR, and the strong data privacy and security principles that it emphasizes.
In short, we are a GDPR-friendly software solution.
We’ve been preparing for the introduction of the GDPR for months, modifying many of our internal practices, policies, processes, and documentation to achieve compliance. You can read about how we did that on our website here.
In addition, we will be prepared to address any requests made by our customers with regard to their expanded individual rights under the GDPR, including:
- Right to be forgotten,
- Right to object,
- Right to rectification,
- Right of access,
- Right of portability.
7. What about the personal data processed by accountancy firms?
Good question! As 30% of our clients are accountancy firms, we understand that our product may form part of the process that businesses need to implement to ensure they themselves are GDPR-compliant.
We pride ourselves on being a solution that accountancy firms can trust. To that end, we’ve prepared this useful guide to explain things further.
8. And what about other client types?
It’s vitally important that we help our clients manage their data in such a way that it builds trust and increases data control.
In short, we are fully GDPR-compliant for all of our customers, no matter which business type they are. If you have any questions surrounding GDPR, please contact us.
The last thing we wanted to do with this article was overwhelm you with too much information.
If you’d like to learn more about GDPR, how it will impact your business, and what we’ve done to prepare, please read the following: