GDPR – Myths and Facts, IT Business – June 2017

Newsletters, conferences and of course tech reporters are all abuzz about the European Union Data Protection Regulation. Experience shows that the vast majority of corporate leadership still possesses an incomplete understanding of the issue, which could potentially cause problems going forward.

GDPR (General Data Protection Regulation) is not just confined to the IT profession, but has to do with all activities where personal data protection is concerned. Even paper-based data management is impacted, along with any other manual personal data management processes. ALPHANET Informatics Zrt. has made it their strategic goal to spread information to leaders and organizations affected by these new laws, says Attila Haraszti, ALPHANET’s chief IT strategist.

Myth Number One – What Lawyers Invent, They Must Resolve

Looking back at the history of IT system integration and software development, it’s clear that the oft-adopted attitude of “lawyers create the regulations, let them put them into action” is not a productive position to adopt on emerging compliance issues. “It’s also a misunderstanding that the requirements created by GDPR can be resolved by existing cloud or IT service solutions.” – says the strategist.

GDPR modifies an existing EU directive (95/46/EC). This data protection guideline was enacted in 1995 and was not directly mandatory for EU member states. Each country instead wove the guidelines into their own laws, which in the case of Hungary, took effect as the “Info Law” (2011 CXII law on the right to informatic self-determination and information freedom). Since every EU member nation has enacted these guidelines in their own way, the European Union has now created a regulation with the goal of bringing these disparate implementations in line with each other, and updating them to meet the challenges of the present day.

Myth Number Two – This Only Applies to the Big Players

Although it is true that small and medium business will find it easier to comply with these new guidelines, it does not mean that they are above scrutiny in compliance checks. In the SMB sector, it is not mandatory for companies to appoint a Data Protection Representative, except in cases where sensitive data (for instance health data), or large amounts of data are handled. In the case of sole proprietor e-commerce operations, GDPR compliance is a large task, even more so if the products on offer are marketed to children and young people, as they must obtain proof that their customers are above 16 years of age, or that younger individuals have obtained parental authorization. These points were not present in the previous guidelines.

Starting Off and Making It Happen

Since its establishment, ALPHANET has placed special emphasis on the creation and implementation of the IT security and data protection measures necessary for organizations involved in infocommunications. ALPHANET is capable of providing all of the support necessary to get new GDPR compliance projects off the ground, including all of the key knowledge of data protection and IT security that forms the basis of an effective GDPR-complaint system. ALPHANET’s long track record includes examples of:

  • Measuring and consultancy services.
  • Creation of educational and e-Learning frameworks.
  • Planning for the implementation of new systems.
  • Ensuring the necessary tools for the planning and realization of the following systems:
    • Transparent data storage and communication systems (ITSM)
    • Data storage and recovery (saving and archiving)
    • Permissions and identity management (IdM)
    • Document (contribution) handling (EDM)
    • Workflow automation

The law becomes effective on May 26th, 2018 and that means there is very little time to spare!