The protection of personal data is one of the fundamental human rights recognised and protected by the European Union. To this end, the General Data Protection Regulation (GDPR), better known as the GDPR, was created. Although it came into force more than six years ago, there are still challenges around understanding commitments and implementation in organizations.
In the Infobip team dealing with this area, they say that the protection of personal data goes beyond the mere obligation to comply with the GDPR. It is crucial for building trust and loyalty of employees, customers and everyone with whom the organization comes into contact.
Whether you are a city, municipality, multinational company or small shop, it is increasingly important for your employees, customers and customers to know that you are handling their personal information carefully. A good privacy program has become a necessary standard and an important criterion for selecting business partners and suppliers, but also for citizens' satisfaction with public services.
The GDPR is (not) a hoax: Compliance with GDPR: What, how and when to do it? This is the name of the training held in November by the Infobip team for personal data protection: Ana Matković Čorda, Ana Šuto, Daniela Perica i Kristina Mandić.
They are held in Infobip's premises in two terms: November 19 in Vodnjan and November 26 in Zagreb. Participation is free, and you can read more about the content and applications here.
-In education we will try to provide guidance for a practical approach to the GDPR, which we believe is not a bogeyman, if you approach it well, explains Kristina Mandić.
Where to start, how to prioritize?
Organizations that align with the GDPR sometimes don't know where to start. It is not easy to assess how much work awaits them, or how to set priorities. In addition, small and medium-sized enterprises and public institutions often have limited budgets and cannot hire professionals who will only deal with this area. As a result, the so-called check-box approach to harmonisation. It implies only the fulfillment of form (i.e. check lists), in order to meet minimum criteria without truly understanding or meeting the requirements.
In practice, GDPR compliance is often seen as paperwork, but this is not the essence of the GDPR. The principles of GDPR should be lived, i.e. implemented in the organization.
– It is not enough to create a policy that will stand in the cupboard or publish a privacy notice on the website and consider the work done. The list of tasks can certainly help us, but I think that is not the true meaning of GDPR, adds Mandić.
Ana Šuto agrees with this and explains that the protection of personal data Continuous work, Something we take care of all the time. Not because we fear punishment, but because we fear punishment. we recognize that it is important to treat your personal data and the personal data of others with care.
– It is necessary to understand the processes and systems within the organisation and how data is processed within these systems. Any change in the process also affects the documents that we need to create. It is crucial to know the life cycle of data and understand that it is a long process, more like a marathon than a sprint – adds Šuto.
GDPR as a source of competitive advantage
Ana Matković Čorda also says that, depending on the type of business, it is useful for entrepreneurs to think about how to use their compliance with the GDPR as a competitive advantage. For example, as a global communication platform, Infobip attaches great importance to the protection of personal data. Significant efforts have been made in this area for years, and clients from all over the world greatly appreciate and recognize this.
Daniela Perica believes that as a society we evolve in the understanding that control over our personal data should belong to us. It is logical that organisations should adapt to this.
-Certainly public awareness of the right to the protection of their personal data is increasing. We are increasingly cautious about who collects our dates of birth, our residential addresses, PINs and phone numbers and the like, and who has access to these data and what does it do with them. Today, it worries us much more than it did 20 years ago, and I think that's good.
This is supported by the fact that Personal Data Protection Agency (AZOP) in its last annual activity report pointed out that notes an increase in the number of infringement requests received. In addition to the fear of abuse (which is increasing with the progress of digitalisation), this is probably also a consequence of the development of regulation and education in which the European Union is leading on the global level.
Olivia: virtual teacher for GDPR
A significant contribution to awareness raising and education in this area has also been made by the AZOP, through the development of a web tool called Olivia. Olivia is a virtual GDPR compliance teacher and assistant, intended for small and medium-sized enterprises. It helps in the adoption of basic obligations, testing knowledge and drafting basic documents.
Ana Matković Čorda was at the forefront of aligning Infobip's organization with GDPR, which was a demanding job.
-When the GDPR first came into force, there were many uncertainties and unknowns. I would say that the situation is better today and that some progress has been made. I believe that practical instructions and advice are the most valuable for businesses This will help them navigate faster and better in the field of personal data protection, says Matković Čorda.
Learn about the most common risks, consents, video surveillance...
For this reason, this training will cover four parts: how to establish a data protection program in an organization, how to manage data processing in marketing and employment relationships, how to comply with regulations to align the website and cookies (cookies) and how to use AI tools in compliance with personal data protection regulations.
Some of the questions that will be considered in the training are, for example: how to assess where the greatest risks of non-compliance are, whether consent must be used for each process activity you perform, whether video surveillance recording can be used to dismiss a worker, etc.
The Infobip team also announces that there will be time for discussion and practical questions. He concludes that the GDPR is not just a corporate story that someone has thought to impose on organizations. it is already there for the protection of a very important human right. If we correctly understand the essence of this Regulation, it will be easier to implement it in the organization.
_________________________________________________________________________________________________
Daniela Perica She graduated from the Faculty of Law in Zagreb and has more than 18 years of work experience. She specialises in information and communication technology. She graduated from the Faculty of Electrical Engineering and Computing in Zagreb. The last eight years have been dedicated to data protection. It is certified in the field of data protection by the IAPP, the International Association of Data Protection Experts (CIPP/E, CIPM). In Infobip, it oversees the implementation of the global privacy and personal data protection program.
Ana Šuto is a lawyer specialising in the field of ICT with a special focus on the protection of personal data. She has been working at Infobip since 2018 and has participated in the management of the GDPR implementation project. As a Privacy Manager, she leads a team of experts who are responsible for analyzing the impact of modern technologies on privacy, and designing and implementing products and services according to global privacy requirements. It is also responsible for personal data protection issues in the context of mergers and acquisitions. It is certified in the field of data protection by the IAPP, the International Association of Data Protection Experts (CIPP/E, CIPM). |
In the photo: Infobip team for personal data protection
English 
Croatian 
Italian 