What Is the General Data Protection Regulation (GDPR) and What Are Its Requirements?
Introduction to GDPR
The General Data Protection Regulation (GDPR) is the most significant change to data privacy rules in recent years. GDPR is a legal framework that sets out rules for collecting and processing the personal data of individuals. It covers the key aspects of data management and individual rights, and it applies to all businesses that handle EU citizens' data. GDPR came into effect on 25 May 2018, replacing the Data Protection Directive 95/46/EC, and is intended to:
Harmonise data privacy laws across Europe
Protect and empower the data privacy of all European Union citizens
Reshape the way organisations approach data privacy
Three European institutions are formally in charge of the GDPR process, and two advisory bodies have a specific role in relation to data privacy:
Authoritative bodies: 1. European Commission; 2. European Parliament; 3. Council of Ministers of the EU
Advisory bodies: 1. Article 29 Data Protection Working Party; 2. European Data Protection Supervisor
Timeline and prior regulation
After a two-year transition period starting in April 2016, the GDPR became fully enforceable across the EU in May 2018. The timeline is as follows:
On 24 October 1995, Data Protection Directive 95/46/EC was adopted to regulate the processing of individuals' personal data
On 15 December 2015, the Council and the Parliament reached an agreement, and the official signing took place in early January 2016
On 8 April 2016, it was approved by the Council of the EU
On 16 April 2016, it was approved by the European Parliament
On 25 May 2018, the GDPR came into force and replaced the prior regulation
Who does it cover?
The General Data Protection Regulation affects most businesses, but the hardest hit will be those that process and hold large quantities of consumer data, such as data brokers, big data firms and technology firms. If organisations rely on consent to process data, that consent has to be unambiguous and informed, and it must be obtained again if the use changes.
Personal Data is defined as any data identifying a Data Subject, or material relating to a Data Subject from which an individual can be identified (directly or indirectly), either from that data alone or in combination with other identifiers the company possesses or can reasonably access. Personal Data can include a name, email address, location or date of birth, or an opinion about that person's actions or behaviour.
Who does the regulation affect?
The GDPR applies not only to businesses located inside the European Union but also to businesses located outside the EU if they provide goods and services to the EU. GDPR also applies to all businesses that hold and process the personal data of individuals residing in the European Union, irrespective of where the business is located.
Is Nomisma Accounting Software GDPR Compliant?
Nomisma is a cloud-based accounting solution launched in 2013, and it has been a popular cloud-based accounting package ever since. The software also supports other business services such as accounting, bookkeeping, corporation tax, self-assessment, company secretarial work and payroll. Nomisma takes full responsibility for its obligations under GDPR. The company started a programme to identify the measures required to achieve GDPR compliance. The key things Nomisma has done are summarised below:
Capturing and recording consent – Nomisma aims to allow clients to define the consent given for keeping, recording and processing data for any other purpose
Data breaches – Nomisma has updated its incident response procedures in line with GDPR
Data tracking – Nomisma has created comprehensive data trackers that map the flow of personal data throughout its services and systems
Data management – Nomisma has processes in place to manage and act on key data insights
Data Processing Addendum – Nomisma produces GDPR-compliant data processing addenda
Data Protection Impact Assessment (DPIA) – Nomisma has implemented a data protection impact assessment process in line with GDPR requirements. DPIAs are assessments and tools used to identify and reduce the risk of a data processing activity. A DPIA can be performed as part of Privacy by Design and should be conducted for all major system or business change programmes involving the processing of Personal Data
Data Protection Officer (DPO) – a DPO is a role that must be appointed in particular circumstances under the GDPR. If a DPO is not appointed, a data protection manager or other voluntary appointee is responsible for data protection compliance
Processing data and records – Nomisma produces and processes GDPR-compliant data and records
Data protection training – Nomisma has rolled out an organisation-wide data protection training module
Vendor management – Nomisma works with its vendors in accordance with the requirements of GDPR
Free trial version of Nomisma Cloud Accounting Software
Nomisma provides a 1-month free trial, so you can use a pilot version of our GDPR-compliant software.