The GDPR, or the General Data Protection Regulation, became applicable within the EU from 25 May 2018. This means that companies, organisations, foundations and associations will have to have their personal data registers in compliance with the enactment. The regulation applies to all institutions that collect, keep and handle their employees’, customers’ and other partners’ personal data. Of all recent organisational regulations, the GDPR is among those with the widest coverage.
This data-protection regulation has roused a lot of discussion, as it obliges all organisations, under threat of sanctions, to make their stakeholder documentation GDPR compliant. This concerns all information that identifies a person: name, email address, ID number/code, telephone number, home address, IP address and web cookies.
The GDPR comes, however, with a good purpose for both individuals and companies. It provides EU citizens with a better opportunity to control their personal data. In an increasingly digital-driven world, it improves our rights and gives us more privacy. For companies, it enables uniformity of regulations regarding personal information.
Seeing the advantages behind obligations
Companies should see the GDPR as an opportunity and turn its cons into pros. Handled and communicated well, GDPR compliance reinforces credibility. Properly maintained registers also benefit the organisation’s internal processes, including marketing and sales, in many ways.
Regardless of its far-reaching implications, GDPR compliance is not too difficult to achieve. Its key words are necessity, visibility and data security, and many companies meet these requirements already: their HR/stakeholder documentation is available for justified purposes only, and the information is up to date and safely stored. If the records are maintained in highly-encrypted data storage with relevant file descriptions, the company is another step closer to compliance.
How has ATA then prepared for the demands? With our management’s backing, we have defined the processes of personal data management and analysed them for possible risks. Our GDPR taskforce has representatives from ATA’s HR, IT and marketing/sales functions. We have determined and documented why the data is collected, where and how it is used, and by whom. Based on that, we have discarded any outdated or unnecessary archives. We had previously updated ourselves on the access rights and data security of our IT systems and equipment, and on our contracts with service and system providers. The usage purposes of all ATA registers now have up-to-date privacy descriptions.
Human error is the biggest risk factor in confidential information. At ATA, we have instructed our workforce about the safe use of IT equipment, the demands and changes due to GDPR compliance, and about employees’ new rights.
Rather than a single project, ATA Gears sees GDPR compliance as an on-going process requiring continuous upkeep. Openness and honesty in all we do and looking after our employees’ and customers’ interests belong to ATA’s core ways of operation. Complying with the GDPR requirements is one form of proving our integrity.
Timo Reunanen, ATA’s Marketing Manager
His hobbies include coaching tennis, sport books & reading.