The European Union’s General Data Protection Regulation goes into effect on May 25th. As that date draws closer, stories detailing companies’ willingness to abandon the EU have begun to circulate. Sure, companies like Unroll.me have existed in murky waters (being able to data-mine email content for competitive intelligence) up until the GDPR was ratified. However, that doesn’t mean that US-based companies need to abandon the EU due to the new regulations.
First things first.
The GDPR is (in some cases) replacing existing data protection laws within the EU. What that means is that the UK (which just published its Data Protection Bill) will approach the GDPR through a different lens than the Czech Republic. This is a nuanced but incredibly important point. Every global corporation with an EU office is already used to obeying country-level data privacy and security requirements and, by those standards, is already obeying vital elements of GDPR.
Germany, for example, has served as a role model of sorts for the GDPR. Not to overstate the point, but the GDPR replaces most of the current data protection laws across the EU. The new regulations do not, however, override the essential principles of the current rules. Rather, the GDPR preserves the basic principles while implementing stricter and more extensive rules. In the UK’s case, the Data Protection Act of 1998 served as another EU standard for the GDPR. If US-based companies within the UK were complying under the DPA of 1998, they are likely on the way to GDPR compliance. Yes, there are going to be steps companies need to take to fully comply with GDPR, such as reviewing consent requests for processing personal data, being able to demonstrate how they comply with GDPR, complying with rules dealing with the processing of children’s data and, finally, documenting their processing activities.
In other words, the GDPR is not a new, revolutionary way of thinking. The GDPR is another logical step in the evolution of data protection. Yes, the most noteworthy changes concern scope and applicability (policies apply across the EU member states), data governance and allocation of responsibilities, data subjects’ rights (facilitation and expansion), and sanctions. But at its core the GDPR looks to expand on laws established by individual countries years ago.
The goals of the GDPR are as follows:
- Update the law to protect personal data in the era of globalization and never-ending technological revolutions.
- Strengthen individual rights while reducing bureaucratic burdens to ensure the flow of personal data within the EU.
- Bring lucidity and logic to personal data protection rules and ensure the unwavering application and implementation throughout the EU.
Here at Macrosoft, we’ve seen our fair share of VFP applications and have successfully migrated them in several ways. We have helped US-based companies operating in the EU modernize their applications to become GDPR compliant. Because the data can easily be read by any text editor (and there is no easy or direct way to encrypt it), being GDPR compliant with a VFP application borders on the impossible. If data is stored as plain text, anyone can read it, and this will lead to major violations. Luckily, Macrosoft is here to help. If you’d like to learn more about the GDPR and how we can help you migrate from a legacy VFP application, you can download any of our whitepapers or just contact us directly.
The fact of the matter is this: GDPR isn’t revolutionary; it’s evolutionary. At its core, GDPR is about better protecting EU citizens and, in some ways, making sure companies operating within a modern EU are running modern applications. Download our whitepaper to learn more about GDPR and how it will affect you and your business.