GDPR – key points about the data processing law

The GDPR was born from a need to protect the sale and transfer of personal data inside and outside the European Union

The more tools we employ to collect and use consumer data, the greater the risk to customer privacy.

One of the hottest topics in recent years has involved  the management and analysis of big data, which can be collected using new technologies and the IoT. The companies in possession of said data can keep track of customer purchasing habits and behavior, segment and profile information and create behavioral advertisements. The GDPR (General Data Protection Regulation) was published in the Official European Journal in 2016 in order to protect customer privacy both inside and outside the Europe Union, the  legislation was drawn up on 25 May of the same year and came into effect on 25 May 2018.

Who is affected by the General Data Protection Regulation? 

The GDPR concerns:

  • some public businesses located in the EU and all European and non-European private businesses acting as data controllers within the EU;
  • European citizens, whose privacy and personal data management rights are now further protected by the regulation, whether provided online or offline.

The regulation concerns all personal data, including names, photos, emails, bank details, social media posts, medical information and computer IP addresses.


The most important new aspects of the regulation involve criteria for identifying and protecting information belonging to data subjects. Data subjects must always be aware of the reasons why their personal information is being used.

The other important aspect involves ‘data portability.’ Data subjects can now access all their collected data free of charge and transfer it to a specific provider. Data subjects are also given the right to rectify, erase and remove any data for which they previously gave permission to be processed.

Data controllers must be able to prove consent (“opt-in”) and consent may be withdrawn or amended by the introduction of data processing limitations.


Companies play a key role in this new regulation and must pay special attention to and be clear about how they collect personal information.

First of all, they must transparently and appropriately demonstrate express consent for all personal data they collect. Detailed documentation, registration and continuous risk assessments are now essential data governance measures.

The regulation also identifies a specific individual responsible for protecting data within a company, while the creation of a code of conduct and data protection certification mechanisms is also encouraged. Any violations are sanctioned with fines and written warnings, and it is therefore important to inform national authorities of any data leaks or incorrect data management by companies.


Application of the GDPR has had a positive effect on the economy as all companies residing in countries where the regulation applies must finally abide by the same rights and obligations, without any problems regarding privacy laws that are too lenient for one company and too limiting for another. In fact, this legislation both aids the free movement of personal data within the EU – via universally adopted methods and limits – and prevents cybercrime, thus protecting companies and end users alike.

Thanks to the GDPR, a company’s reliability and professionalism can finally be measured by the quality of their data processing methods. Proper management not only improves the trust of end users, it also improves the quality of internal processes and strategy.

Bizeta offers dedicated software to international retail and SMEs that can be used to strategically and securely manage user data by implementing these strategic points:

Compliance: Compliance with the GDPR in terms of security, personal data and privacy.

Risk Management: System development level analysis, for establishing correct security strategies.

ICT Security: Management and monitoring activities for ensuring that systems and IT infrastructures are secure.


Contact us for a personalized consultation!




The commercial staff of Bizeta Retail Solutions is at your complete disposal to give you any information about our solutions.


    By reference to Legislative Decree 196/2003 and to EU Regulation no. 2016/679, on the protection of privacy, I expressly authorize the use and processing of my personal data. (I agree to the treatment of my personal information)