GDPR Legislation

Posted by Koen Van den Bossche 17/01/2020

What is the GDPR legislation?


GDPR stands for General Data Protection Regulation (in Dutch 'Algemene Verordening Gegevensbescherming', or AVG).

It is a set of rules introduced by the European Union with the aim of protecting the data of natural persons. Conditions are imposed in connection with the processing of personal data and the free movement of such data.
The GDPR legislation replaces the 1995 data protection directive, which was out of date. The regulation has been active since May 2016. Companies with more than 250 employees who process more than five thousand records per year, however, will have until 25 May 2018 to adjust their data management. Later, this legislation also applies to SMEs, regardless of their size and the number of processed records.
So you have a little time. Nevertheless, you are well advised to make the necessary preparations and take the necessary measures now.



If serious irregularities are found after this date, fines may be imposed. The maximum fine can amount to 20 million euros or 4% of the annual worldwide turnover, whichever amount is higher.

The GDPR legislation concisely summarized


Reading the full description of the new European GDPR legislation is no fun. Moreover, you probably do not have time for this. That's why we summarized the most important things:


1. Transparency


Companies must inform users about how their data is collected and processed. This must be done in a clear way so that the reader understands it.


2. Notification obligation


In the case of a data breach, companies must report this within 72 hours, unless the leak does not endanger the personal data.


3. Consent


Permission from the user is required for the collection and processing of his or her personal data. This permission does not have to be given explicitly. An example of this is the cookie popup that appears on many websites, with a link to a page with additional information. When you continue to use the website, implicit permission is assumed.


4. Right to be forgotten


One of the most important pillars of the GDPR is the right to be forgotten. If a person requests it, companies must be able to erase the personal data (even if they have been shared with third parties).


5. The usefulness of secure erasure


The last pillar - the right to be forgotten - again underlines the importance of secure erasure. As a company you want to be sure that when the user requests it, the personal data will be removed in a correct and efficient manner.
If this is not done correctly, heavy fines can be imposed.
That is why you had better automate this to make things bulletproof. Check our link GDPR Legislation.

