Data Protection Regulation GDPR Guide

Data Protection

Data Protection and GDPR become enforceable from 25 May 2018. Stronger rules on Data Protection from 25 May 2018 mean citizens have more control over their data and business benefits from a level playing field. One set of rules for all companies operating in the EU, wherever they are based. Find out what this means for your SME.[1]

What is Personal Data?

The definition of Personal Data covers any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.[2]

Personal Data: Name, Address, Localisation, Online Identifier, Health Information, Income, Culture profile etc

What is Personal Data

The Importance of the GDPR Rules

Why change the rules? For building a safe environment for all users and business owners.

The Importance of the GDPR RulesThe Importance of the GDPR Rules

What a company must do

To be GDPR compliant a company should begin with the following:

  1. In all circumstances must protect the rights of people that are giving you their data 
  2. Enable a transparent communication
  3. Get their clear consent
  4. Allow people access their data
  5. Inform people of any data breaches
  6. Offer people the option to erase their personal data
  7. Inform people in case of profiling process
  8. Give people the right to opt out of direct marketing
  9. Safeguard all sensitive personal data
  10. Make legal arrangements for data transfer outside the EU
  11. Do data protection by design in early stages of development

What is Data Protection

What is Data Protection

What is Data Protection

What is Data Protection

What is Data Protection

What is Data Protection

You can visit the EC.EUROPA.EU and read this guide in your language here>>

Data Protection Officer DPO

A certified person with expert knowledge of data protection law and practices should assist the controller or processor to monitor internal compliance with GDPR Regulation.

The DPO is similar but not the same as a Compliance Officer as they are also expected to be proficient at managing IT processes, data security (including dealing with cyber-attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data. The skill set required stretches beyond understanding legal compliance with data protection laws and regulations.[3][4]

Data Protection Officer DPO

The Fines

The cost of non-compliance with GDPR

How healthcare organizations should prepare for GDPR

Information and Support from Grafimedia SaaS Health IT ExpertsAll levels of healthcare organizations or centers face huge obstacles on how to apply all the necessary updates to their clinical HIS, Data Banks and to all connected information systems. As many Head of IT Departments knows, all changes should run with an active operation system, because hospitals or clinics cannot switch off their network. In addition, GDPR will require the designation of a Data Protection Officer (DPO). Read more about how Grafimedia SaaS Health IT Experts can bridge the gap and make your company GDPR compliant. Continue reading…


  • [1] SME stands for Small and Medium-sized Enterprises. SMEs represent 99% of all businesses in the EU. The definition of an SME is important for access to finance and EU support programmes targeted specifically at these enterprises.
  • [2] Source: Data protection directive (officially Directive 95/46/EC)
  • [3] Source:
  • [4] Source: Grafimedia Health IT Library
  • All information and visuals are from the official website of European Commission about GDPR: EC.EUROPA.EU 


About Areti Vassou

Digital Strategy Director. Make Ideas Happen @ Digital Media, Research, Social Media Strategy, Web Design, Digital Copywriting & Digital Graphic Design.