Understanding General Data Protection Regulation

Written by
3 Minute Read
Share Blog:

The European Union’s (EU) General Data Protection Regulation (GDPR) is predicted to evolve as a global standard for data protection. So, what is it exactly?

GDPR introduces a new accountability principle that is designed to control and standardise the way businesses use data, and to ensure that data protection laws are applied consistently across every country within the EU. Under the terms of GDPR, organisations must ensure that personal data is gathered lawfully and under strict conditions.

Lawful means that the subject or person has consented to their data being processed, the data processing is in the public interest, complies with a contract or legal obligation or the data is held to prevent fraud. At least one of these justifications must apply for the data to be processed lawfully.

Organisations who collect and manage data are obligated to protect the data from misuse and exploitation. They are required to respect the rights of data owners and the data owner’s freedom to determine what, where and how their information is shared.

Control and Process

GDPR legislation is applied to two different types of data managers; data controllers and data processors. Both must comply with the GDPR even if their organisations are based outside of the EU. For example, if your online inventory management provider is located outside of the EU and they are dealing with data belonging to EU residents, the GDPR will still apply.


A data controller can be any organisation, not-for-profit or commercial company. It is the obligation of the data controller to state how and why personal data is processed, and they are responsible for ensuring that their processor abides by data protection laws.

Controllers, like your online inventory management provider, are obligated to guarantee personal data is processed lawfully, transparently and for an express purpose. Once that purpose has been fulfilled and the data is no longer needed, it must be returned, deleted or destroyed.


While the controller asserts how and why personal data is processed, the processor is the party undertaking the actual processing of the data. A processor could be an IT firm doing the actual data processing.

Processors themselves must abide by the rules to maintain records of their processing activities. If processors are involved in a data breach, they are far more liable under GDPR than they were under the EU’s preceding Data Protection Act.


Compliance is vital. Companies will need to demonstrate that data compliance measures have been integrated into data processing activities at every stage.

This includes maintaining a register of the details, descriptions and categories of the personal data collected, where the data is stored, and the applications used to access personal data. Controller and processor details should also be recorded, including company name, geographical location, the purpose of processing and details of data transferred to other areas.

An online inventory management company that uses only numeric data to measure inventory turns or predict future sales would not be directly impacted by GDPR, however, if the you were using personal data from your online inventory management system to personalise marketing and promotional activities, then GDPR would expressly apply.

Business found not adhering to the rules of the GDPR will attract substantial penalties for non-compliance. Fines of up to €20 million could be charged, or four percent of the company’s global annual turnover, whatever figure is higher.

Global Impact

Although the GDPR is designed to protect EU citizens, it applies to any organisation that holds or processes the personal data of an EU resident’s, regardless of geographic location.

Every company that operates in, or has EU-based users, will be required to adhere to the GDPR’s new stricter privacy standards. Given that many online businesses have customers or users in this region, the GDPR is essentially setting a new global standard by giving user greater control over their personal data and privacy.

More about the author:

Share Blog:
Melanie - Unleashed Software

Article by Melanie Chan in collaboration with our team of Unleashed Software inventory and business specialists. Melanie has been writing about inventory management for the past three years. When not writing about inventory management, you can find her eating her way through Auckland.

More posts like this


Subscribe to receive the latest blog updates