What changes does GDPR bring and how to apply it in BiH?

The Digital Age and Personal Data Protection

The digital era has transformed how individuals and organizations communicate and exchange data. More services are moving online, and these services increasingly require our personal information. Individuals are making their personal data available globally and publicly more than ever before.

But what about security? Is it being compromised? How can we ensure the flow of information while maintaining a high level of data protection? These are just some of the questions we will answer in this text.

What is GDPR?

In the race for competitiveness, the more data you have, the more information you possess to predict market trends, make strategic decisions, and outperform the competition. Due to the increasing exposure of data in such an environment, there is a clear need for legal regulation to protect individuals.

Consequently, the European Union (EU) adopted the General Data Protection Regulation (GDPR). Although passed in 2016, it became enforceable on May 25, 2018, marking the deadline for all processes and IT systems to be aligned. This Regulation aims to contribute to an area of freedom, security, and justice, as well as economic and social progress, by strengthening the internal market and the well-being of individuals.

Many companies treat client data as a free resource, collecting it without limits, protection measures, or consent. GDPR represents a new legal shield for EU citizens. Its legal foundation lies in the Treaty on the Functioning of the European Union and the EU Charter of Fundamental Rights, which explicitly state that everyone has the right to the protection of their personal data. GDPR is a tool that forces companies to rethink how they collect, analyze, and store data.

Scope of Application

GDPR applies to any organization that stores or processes personal data of EU citizens within the EU. This includes micro, small, and medium-sized enterprises (SMEs), public institutions, and agencies, regardless of whether the organization is based in the EU or not, and regardless of its size or industry. All legal entities are obligated to follow these rules, covering not just online business but anyone with access to personal data. Covering only fragments of your business will not be enough; the entire lifecycle of data collection and use must be compliant.

What is Personal Data?

Personal data is any information or combination of information that can identify an individual. It’s not just a name and surname. It includes age, gender, ID numbers, phone numbers, email addresses, IP addresses, GPS locations, salary details, bank accounts, education records, photos, videos, and even lists of favorite books or songs, RFID tags, and website cookies.

What does GDPR bring to individuals?

GDPR grants individuals more rights, easier access, and greater control over their data, which is often used for advertising. The rights of the data subject are clearly defined: the right to know how data is used, the right of access, the right to rectification and erasure (“right to be forgotten”), the right to restrict processing, and data portability.

To store personal data, we must obtain explicit consent. Once consent is given, data can only be processed for the specific purpose stated. Furthermore, if a data breach occurs, authorities and the individuals affected must be notified within 72 hours.

What does GDPR bring to companies?

GDPR applies to any company handling the data of individuals residing in the EU, regardless of the company’s location. This means firms in Bosnia and Herzegovina that have employees, customers, or users who are EU citizens must comply.

Non-compliance carries heavy penalties: up to €20 million or 4% of total global annual turnover, whichever is higher. To ensure compliance, you need experts who understand these requirements. In some cases, you must appoint a Data Protection Officer (DPO).

How to apply GDPR in Bosnia and Herzegovina?

Although BiH is not an EU member, it has committed to aligning its legislation with EU laws. While a new Law on Personal Data Protection is in the works, BiH companies must already protect EU citizens within and outside their borders. The essential first step for any BiH organization is a “Compliance Assessment.”

How can ED-Vision help you?

Implement this Regulation and show your clients that you give them full control over their data!

  • Privacy Policy: If you don’t have one, we will create it. This is a vital document for transparency. We will ensure it is written in clear, simple language so users understand their rights.

  • Cookies: The “This site uses cookies” banner is no longer enough. We implement solutions where users can accept or reject specific types of cookies and withdraw consent at any time.

  • Forms: We will audit your web forms. Consent boxes for marketing must not be “pre-ticked.” We ensure that if a user gives an email for a purchase, you only use it for that purchase unless they explicitly opt in to newsletters.

  • Newsletter: GDPR ends the practice of using “bought” lists or forced subscriptions. We implement double opt-in systems to ensure your marketing is 100% legal.

  • Data Access: We can create user profiles where clients can view, edit, or delete their data and history themselves, reducing your administrative workload.

Note: The information provided is of a general nature and represents our interpretation of GDPR. While we use these same methods for our own compliance, we recommend consulting a legal professional for specific legal guarantees.
