General Data Protection Regulation

Data protection compliant step by step

Since 25 May 2018, the EU-GDPR has been binding throughout the European Union. If you have not yet done so, create the conditions for full implementation step by step, with a good plan and realistic solutions.

Here we have summarised the most important things for you and show you how document management makes your work easier.

The most important facts about the EU-GDPR at a glance

Who is affected?

The EU-GDPR standardizes regional and national regulations for the special protection of personal data. It applies to companies, government offices, and organizations which offer goods or services to people living in the EU or which merely process personal data – that could be customer data, but also employee or supplier data.


Personal data are all those data which make a person identifiable, such as name, address, or even IP address, as well as data which allow the indirect identification of a person. Furthermore, the GDPR does not describe any specific requirements for software solutions. However, the recording, management, and digital processing of personal data, in other words the use of software, must be GDPR-compliant.

What is the goal?

The aim is to protect personal data against unlawful, excessive, improper and unnecessary processing. The protection of individuals is therefore at the heart of the Regulation. For the implementation of this goal, data subjects now have the right to learn which of their data are retained by you and how they are stored in the company’s IT systems. Under certain circumstances, data subjects may request the blocking or deletion of their data. But even without direct demand by the data subjects, companies must delete such data when the purpose for their use no longer applies.

Monitoring and penalties?

Compared to previous regulations, the sanctions which companies can expect for violating data protection law have been expanded considerably. Beginning May 25, companies will pay up to 20 million Euros, or four percent of their total revenue, for serious violations of the EU-GDPR – and theoretically for each violation. Companies are accountable: documentation such as registers of processing operations, deletion concepts and data protection impact assessments must be presented to the regulatory agency on demand. That means the company must prove that the data have been processed correctly.

Four fundamental measures

1. Identify

Identify what personal data are located where in your company and how they are preserved or digitally stored.

2. Report

Establish data models, automatic processes, and workflows in your IT systems which will put you in the position to be able to provide data subjects with information about what data are stored in your company and how. It must be possible to change, block or delete data in due time.

3. Protect

Implement data protection management for your company’s IT systems and control, for example, your access and authorization concepts and all other technical and organizational measures.

4. Monitor

Last but not least, monitor the requirements of the EU-GDPR continually and carefully.

Have the data been lawfully collected, processed and stored? Are the data still “correct”? Does the original purpose still apply? Is it possible to check who changed or accessed the data? You should be able to answer “yes” to all these questions.

The most important thing is the documentation of all your measures and procedures for handling personal data.

How do IT systems help you to be in compliance with the EU-GDPR?

Privacy by Design

Privacy by Design means data protection through technical design. In order to become or remain GDPR-compliant, you must migrate to a system which allows you to implement the requirements technically. Required processes (deletion periods, for example) must be already set up in the implementation phase so that you can maintain the guidelines as automatically as possible within the company.


Privacy by Default

Privacy by Default, on the other hand, describes the technological parameters of an IT system in its “delivery state”. It must not include any settings which violate data protection and which must later be painstakingly corrected. With EASY SOFTWARE, you can count on it. In short, introduce automated processes to your company with EASY.


GDPR-compliant with EASY SOFTWARE

Document management systems can help you, because they allow you to control where personal data are stored in your company and who has access to those data. With the right data model, you have quickly handled the “identification” step.

A DMS can also help you to specify standard deletion periods in a short time. In the second step, you can revise the deletion periods that are set up individually.

For example, our product EASY Archive Smart essentially permits GDPR-compliant operation. To do so, you make appropriate configurations – even later – to scenarios and connected IT systems in order to be able to archive personal data in compliance with the GDPR.

About Thomas Meysel
Thomas Meysel has been product manager for EASY applications since June 2016. In his spare time he travels as a passionate hobby chef and author of cookbooks on East African cuisine. If the cooking results are unsuccessful, he reduces his frustration by going to the Borussia Dortmund football stadium.