GDPR (General Data Protection Regulation)

Regulations, directives, ordinances, guidelines, instructions, standards, laws, procedures, and policies rarely excite the (IT) market as much as the GDPR (General Data Protection Regulation) has in recent times, which came into effect on May 25, 2018. This is a European Union-level regulation that defines the rights and obligations, as well as the roles and responsibilities, in the relationship between individuals and organizations (businesses and institutions) concerning the handling of personal data. The regulation is not restrictive in nature; rather, it places emphasis on the accountability of organizations and the transparency of personal data processing, grounded in common sense and fundamental human rights.

As the operations of modern businesses are heavily reliant on technology, and the future of business guarantees further digitalization and automation, the scope of Plavi Tim’s activities is significantly affected by the GDPR. Technology has opened up entirely new avenues for business development and models that, on occasion, can be, if not illegal, then unethical regarding the use of personal data. Various “big data” processing, marketing profiling, and open trading of personal data have brought data protection to the forefront of EU legislators’ agendas. Although it does not specify particular technological solutions as mandatory, the GDPR does imply the need for the enhancement of technological, control, and organizational mechanisms and processes to ensure data protection and transparency.

The regulation is drafted broadly enough to encompass high-risk organizations handling large volumes of personal data involved in mass marketing, banking, or telecommunications, as well as companies like the members of the INA Group whose business models do not rely on the exploitation of personal data. In fact, very few companies and institutions can claim that the GDPR does not concern them, as even if they do not identify customers, they almost certainly identify employees, partners, and collaborators whose personal data they store.

Therefore, it is crucial for all of us living and working in the EU to be aware of the fact that personal data is as much private property as any other asset, and, since the GDPR came into effect, we only lend it to organizations whose services we use. You allow organizations to process your data because you want their service, and organizations collect your data with your consent for legitimate business reasons or based on a law that covers their operations. Understanding this process is important because we are simultaneously individuals whose personal data needs to be protected and used responsibly and employees of an organization that processes someone’s personal data.

For us, as Plavi Tim employees, it is particularly important to bear in mind the protection of personal data since among us, there are many administrators, analysts, privileged users, and architects who, due to the nature of their work, have deep insights into the data and business processes of INA Group members. These members rely on us to ensure that the information system we maintain is efficient, stable, and secure.