GDPR: The new General Data Protection Regulation

What is GDPR?

The new General Data Protection Regulation (GDPR) enters into force in May 2018. The Regulation replaces Directive 95/46 / EC, which was in force until today and aims to unify the legal framework for the protection of privacy of data in the European Union. In addition, GDPR aims to provide organizations with a simpler and clearer legal environment to operate, making the data protection law uniform across the EU.
The new legislation governs the procedures for the storage and processing of personal data, such as collection, registration, conversion, retrieval and use for various purposes. Personal data means any information that can be used to identify a physical person, e.g. Name, TRN, Social ID, etc.

In particular, the regulation attributes the following rights to EU citizens:

  • the right to notification and consent
  • the right of access
  • the right to be forgotten and anonymization
  • the right of data limitation and restriction
  • the right of data portability
  • the right of objection

Does GDPR apply to me?

Whatever your company’s headquarters (even if you are outside the EU), if you process the personal data of residents of the European Union, then the GDPR regulation applies to you.

What does non-compliance mean for my company?

Non-compliance implies the risk of administrative penalties and high fines, while damage to the reputation of an enterprise may be equally important. All companies will have to be in compliance by May 25, 2018. The new regulation empowers the European Data Protection Authorities to impose fines of up to 4% of their annual global turnover for serious infringements or €20.000.000, whichever is larger. It is therefore obvious that compliance is now an immediate need for companies of any size.

How can we help?
ENTERSOFT has ready solutions for all the above

Entersoft, in the context of continuous development of its systems and customer support, invests in its products to assist you, for implementing the proper processes to be in alignment with the new mandatory GDPR regulation. Adopting cutting-edge technology, Entersoft’s entire core of applications (ERP, CRM, WMS, Retail and Mobile) is structurally compatible with the definition of GDPR and fully ready and capable, to reliably cover the very important requirement needs of the legislation.

In particular, we provide:

•Documentation process for the Data Protection Policy applied by a company
• Disclosure of the purpose of using and processing personal data (Scope definition)
• Integrated GDPR Campaign tool for notification and consent (connection with Moosend & MailChimp)
• Procedures for entering, updating, deleting (anonymization) of personal data (clients, users, employees etc.)
• Data protection from unauthorized users (Role based security)
• The sensitivity of the “sensitive” fields can be adjusted only by defined roles & scopes (Field Level Security)
• Special grouping and definition of fields for GDPR purposes for identifying, protecting, and controlling in mass, based on Field Set Security Grouping (FSSG)
• History and application log for user actions (e.g. exports, print reports, copy to clipboard, etc.) for easy detection of possible leaks (Audit trail & reporting)
• Encryption capability for selected fields or tables (Database encryption) – available on MS SQL Server 2016 (13.x or later)

In addition, we are committed in the protection and confidentiality of all data and information made available to us by our customers and partners, completing the GDPR compliance project for the Entersoft Group of companies within this month. We will continue to be at your side, assisting in your compliance efforts for your own company with the new regulation and its integration into your own procedures and processes. Our consultants from our Support and Project Implementation Services are always at your service.