On May 25, 2018, the new EU General Data Protection Regulation (EU GDPR) came into force as a replacement for the 1995 EU Data Protection Directive (95/46 / EC). Its aim is to give EU citizens the opportunity to control it about their personal information.
Thus, the EU GDPR determines how personal data may be collected, processed, stored, deleted and used. All companies doing business in Europe must adhere to these guidelines - regardless of your location. Failure to comply with the guidelines can lead to high fines (up to 4% of worldwide annual turnover or up to € 20 million).
In preparation for the principles of the EU GDPR the integrity and confidentiality of the data is crucial. Personal data should therefore be made as anonymous as possible so that EU citizens can no longer be identified.
Not only the companies that collect them are responsible for data protection, but also external companies that process the data.
The example Doctor-Patient-health insurance company gives an indication of the complexity of the project: the doctor records the personal data of his patient. However, when it comes to forwarding critical patient data to the health insurance company, there is still a need for action.
Thus, the implementation of the EU GDPR requires a categorization or classification of personal data with a corresponding access management. Not everyone should see or process all data. The data that may be further processed should be as few as possible. The claim to data management within companies is to save as few personal data as possible and to control exactly who may use which data. In addition, both the obligation to provide information and the right to be forgotten are to be met in this context.
With our Transbase® security concept you can achieve the balancing act between data processing and data protection.