What is GDPR?
GDPR stands for General Data Protection Regulation, a new European regulation passed by the European Parliament on 16 April 2016 which will come into action as of 25 May 2018.
It is a bulky yet abstract document of which the exact specifications are currently still unknown. The 'Working Party 29' therefore regularly publishes guidelines in order to finalise the abstract descriptions and formulate examples.
Aims of GDPR?
Our current Privacy Act dates back to 1992.The way we currently handle data is significantly different from 25 years ago. Online marketing, big data, profiling, social media, e-commerce... are all concepts that came into use in the last few years, which have no significance under the current Privacy Act. The new GDPR will therefore provide uniform protection of privacy rights in the current technological and digital economy.
Who is affected by GDPR?
The answer to this question is straightforward: GDPR affects all businesses, organisations and authorities within the European Union that automatically or structurally process personal data;
all data that allows identification (e.g. name, address, telephone number, IP address...).
Vesting Finance is also getting ready
Within Vesting Finance, the GDPR workgroup which falls under the Risk, Compliance & Governance department is preparing our business for this new regulation.
- a risk audit identifies which data is used, where it is stored within our company, who has access and what the potential risks are;
- current contracts with suppliers and customers are reviewed so that they are compliant with the new regulation;
- all our employees are already being informed through workshops on how to handle data and prevent data leaks.
A compliance process is only successful if all stakeholders take part.
Vesting Finance not only makes sure that all employees within the company are up to date with regard to the new regulation, it will also implement GDPR within its customer relationships.