09/11/2018 (Updated on: 18/02/2019)

The European General Data Protection Regulation (GDPR), enforcement of which will be mandatory for EU Member States starting 25 May 2018, gives individuals more control over their personal data and requires companies to be actively responsible for ensuring compliance. Public and private businesses and organizations have less than two months to be ready for the GDPR, and EDICOM guarantees compliance from that date. The law provides for a fine up to €20 million for offenders or up to 4% of annual worldwide turnover for the data controller.

At EDICOM, we are working to adapt all our services to the new regulation to guarantee data processing and privacy under the new regulatory framework. In this case, the guarantee covers two areas. On the one hand, regarding our customers, and on the other hand, as an online archiving service provider offering solutions for companies to comply with the GDPR regarding the data they handle on European citizens.

The advantage of having EDICOM as your provider is that, on top of our technological expertise, our servers are located in Europe and will therefore deliver on the GDPR. Our trading partners can be assured that their data will be processed and protected under this Regulation.


EDICOMLta: a long-term archiving solution at the service of GDPR

Archivinguser data will be more important and require more protection than ever. Having a GDPR-compliant archiving service is essential for companies that handle personal data. EDICOM can provide a company with an online archiving service that will comply fully with GDPR requirements, available in the cloud and accessible at a global level. With the EDICOMLta solution, companies can archive and protect customer databases, or any other type of personal information contained in agreements, pay slips, multimedia files, invoices, and more

EDICOMLta (Long term archiving), the online data archiving service that EDICOM offers as a qualified trust service provider under the eIDAS regulation, assures the integrity and confidentiality of managed data, which acquires a probative value thanks to the certification process to which it is submitted. The service applies the qualified trust methods of electronic signatures, seals, and time stamps provided under the eIDAS regulation.

Businesses with offices in Europe but customers and users in the EU whose data travel to be processed and archived in servers outside of the Union must either have an agreement under a European privacy seal or store data in GDPR-compliant solutions like EDICOMLta.


Why is GDPR necessary?

Globalization, the development of the digital economy, and new technologies have triggered a rise in the dissemination of personal information and the assignment of personal data, as well as the exchange of this information between public and private operators at home and abroad. The Regulation establishes a common legal framework in Europe guaranteeing an equivalent level of protection of individuals’ rights and freedoms across all Member States and removes obstacles to the circulation of personal data within the Union arising from divergences in the implementation and enforcement of Directive 95/46/EC.

Whatever their size, turnover, or location, all businesses and organizations that process and archive personal data of citizens living in the European Union must review their processes to adapt to compliance with the GDPR, designed to amend a number of aspects of the current regime and to introduce new obligations. The Regulation applies to the fully or partially automated processing of personal data as well as the non-automated processing of personal data contained in or intended to be included in a file.


More control over personal information

The new regulation aims to make the information that citizens provide to companies more transparent and accessible and to improve the related control mechanisms through new elements such as ‘the right to be forgotten’, a limitation on processing, and the right to data portability. Companies must draw on the rights the GDPR establishes for people who have assigned their personal details to third parties to put in place mechanisms and procedures that guarantee them.


Active role of companies: controllers, processors, and data protection officers  

One of the most important new aspects of the GDPR is the active role of businesses through the figure of the “controller”, which must apply technical and organizational measures to guarantee and demonstrate that processing is in line with the Regulation. Ultimate responsibility for personal data processing falls to this figure.

The GDPR also establishes obligations on the figure of the “processor”, i.e., the individual or entity, public authority, service, or other body that processes personal data on behalf of the controller. This party is not limited to the sphere of the contract binding the controller and may be supervised separately by the data protection authorities. For example:

• They must keep a register of processing activities.

• They must determine the security measures applicable to the processing they perform.

• They must appoint a Data Protection Officer in the cases provided for under the GDPR.

Also, as covered by the Regulation, processors can adhere to a code of conduct or a certification mechanism as provided for under the GDPR, showing that they comply with the required guarantees.