The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is due to come into force in all EU member states on 25 May.

The GDPR was created to regulate how businesses handle personal data. It applies to small and medium-sized enterprises (SMEs) as well as to large corporations.

Data controllers must make clear how they collect people's information, what purposes they use it for, and the ways in which they process the personal data. Companies must also use plain language to convey these things clearly and coherently to people.

A company that uses personal data is considered a data controller under the GDPR. Data controllers must ensure personal data is processed lawfully, transparently and for a specific purpose. Once that purpose is fulfilled and the data is no longer required, it should be deleted.

The GDPR gives people access to their personal data at "reasonable intervals", and data controllers have a month to comply with these requests.
People have the right to access any information a company holds on them, and the right to know why that data is being processed, how long it's stored for, and who gets to see it. People can also ask for that data, if incorrect or incomplete, to be rectified whenever they want.

Companies need to review their data protection policies and technology and verify whether they are compliant. Personal data should be protected, encrypted and always covered by up-to-date IT security solutions.
If a data breach occurs, it is the responsibility of the data controller to inform first the people affected and secondly the Privacy Commission within 72 hours.

Complying with the GDPR is vital. Any company found not compliant with the rules could be fined up to €20 million or 4% of the company's global annual turnover.

Panis can assist you with the implementation of the GDPR. For more information, please contact Mr. Michel Van Gysel, michel.vangysel@panisgroup.com