Hello GDPR! What’s up?


What is new with GDPR?

  1. The regulation applies to any organization processing personal data, of a natural person who is in the European Union (EU), to offer a good or a service (even with no payment) or to monitor the behavior of such data subject, wherever this organization is.
  2. Protection applies as soon the information concerns an identified or identifiable natural person.
  3. Explicit consent has to be given for each data processing purpose.
  4. Right to be forgotten, to erasure.
  5. Right to data portability. The data subject can request the data concerning him or her in a structured, commonly used and machine-readable format for his/her own use or to transfer it to another entity.
  6. Right to object to a decision based on automated processing including profiling.
  7. Privacy by design: data should be protected by design and by default.
  8. Impact analysis should be carried out before processing to assess risks.
  9. The obligation to have a Data Protection Officer.
  10. Transfer of personal data to a third country is possible when the country is listed by the EU as presenting an equivalent level of guarantee or specific clauses have to be added to the contract. Consent on the transfer by the person is mandatory.

What is making it a game changer

  1. Single rule across the EU, no more fragmentation by country.
  2. Organizations must provide notification of a breach within 72 hours.
  3. The regulation applies to any organization processing personal data, of a natural person who is in the EU, to offer a good or a service (even with no payment) or to monitor the behavior of such data subject. This applies to organizations located within and outside of the EU.
  4. A record of processing activities shall be maintained.
  5. Penalties: Whichever is larger: Up to 20 M€ or 4% of the total worldwide annual turnover.

Previous episodes

Next episodes

For more information on GDPR, click here.


  1. The official text: http://eur-lex.europa.eu/legal-content/en/TXT/PDF/?uri=CELEX:32016R0679
  2. The GDPR homepage at EU: Reform of EU data protection rules
  3. The Wikipedia page: General Data Protection Regulation 
Previous articleAPI needs Managed File Transfer
Next articleThe race to Digital Transformation
Product Marketing, Architect, Pre-sale, Sale on IT infrastructure solutions - Jean-Claude Bellando has been working in the middleware industry since 1990 when he created the start-up API-Link. His experience covers various fields: creation of start-ups, product management (service-oriented middleware design, product roadmap development), product marketing (support for product launches and sales forces), middleware sales to key accounts. He is currently Marketing Product Manager for Axway's Accounting Integration Suite. In this capacity, he is a regular speaker at round tables, conferences and in the blogosphere.


Please enter your comment!
Please enter your name here