Articles / 04/04/2018

Applying EU GDPR: The New Data Protection Regulation

eu gdpr article feature image

Because data privacy is one of our main priorities, personal information security matters are the issue, enabling us to build trust and credibility among our customers. To assure them we do everything it takes to maintain their data security at the highest level, we have been conducting a GDPR (General Data Protection Regulation) compliance audit.

To meet all GDPR requirements, we partner with European law firms that guide us in the right direction while we focus on drafting robust security policies. At Heficed, we strongly believe in the importance and effectiveness of the new EU regulation.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new European Union law regulation on data privacy and protection. It replaces the previous law of Data Protection Directive 95/46/EC. The directive is pretty outdated, as it was submitted way before the Internet become the online business platform that it is today.

The new regulation will bring a significant impact to businesses and organizations in the EU, in terms of thinking and dealing with data privacy and security programs. The GDPR applies to all organizations, from small and medium-sized companies to large enterprises that are involved in processing sensitive individual data in the context of selling goods and services to citizens in the EU.

Why is the GDPR necessary?

Online operating businesses and organizations collect, hold, and process vast amounts of sensitive personal data, posing a significant risk it is not adequately protected, e.g., stolen or abused. Therefore, the General Data Protection Regulation was introduced.

The new regulation requires to ensure the security of sensitive personal information processing. It includes preventing accidental data breaches as well as unauthorized and unlawful processing, personal information damage, or destruction. Hence, appropriate technical security measures are required.

The European Parliament adopted the GDPR in April 2016. It will become enforceable throughout the EU on 25th May 2018. Until then, EU companies and organizations have time to prepare.

Why is the GDPR a step forward?

Heficed believes the new regulation is a step forward in user data protection improvement. We think it will positively affect online businesses, introduce new user data order, which is more concerned and protective.

Being GDPR compliant is proof that a company is moving forward to positive changes together with the world‘s leading businesses and takes the EU regulations seriously. We have been taking time and effort to complete the requirements to become GDPR compliant and join the companies reaching for a higher level of customer trust and confidence.

What happens to the non-compliant companies?

What happens to businesses that do not meet the EU GDPR requirements? Non-compliant companies are at risk of getting penalties of up to €20 million or 4% of global annual turnover, the one which happens to be higher. Determining the mentioned fines, regulators expect organizations to be GDPR compliant on time and consider renewing the outdated data protection systems with responsibility.


We are happy to be a part of the EU GDPR initiative, motivating all of us to rethink the importance of our customer’s data privacy. Heficed assures that the GDPR will increase trust and responsibility among online businesses. Positive changes will come when all the participants invest their time and effort to protect consumer data security rights. It is taking care of the healthy and competitive digital market as well.