The PetrolPlaza audio version is presented to you by UNITI expo, the leading retail petroleum and car wash trade fair in Europe.
  • Home
  • News
  • ICASA XPetro: European retailers prepare for new data protection regulation

ICASA XPetro: European retailers prepare for new data protection regulation

Is your company ready for the General Data Protection Regulation that starts from 2018 onwards?

Last update: | Advertorial
ICASA XPetro: European retailers prepare for new data protection regulation
ICASA XPetro: European retailers prepare for new data protection regulation

By the end of May 2015 the European Union reached an agreement on the General Regulation for personal details Protection, the so called General Data Protection Regulation or in short GDPR.

The new law includes a number of new obligations and liabilities for companies that process personal details of Europeans as of May 2018. Given the impact of the changes and the risk on high fines it is very important that you check to what extent this might have an impact on your company and which measure you should take to limit the risks to a minimum.

Protection of personal details

If your company registers personal details in its database (even if you save your data locally but an external software supplier has access to the data) then you are responsible for the control and the protection of these data. Personal details are understood to mean all information of characteristics that can lead to the identification of a natural person such as a name, an identification number, location facts, an online identification…

For instance, license numbers of vehicles, the registration of fuel cards or the delivery of fuel at home can be reduced to a natural person which means these data fall under the new privacy legislation.

The man responsible for processing takes necessary measures

In every company someone is responsible for the process. This person determines the target and the means for the processing of personal details, alone or together with others. Next to this, you have the people who process data on a daily basis whether or not by means of automatic procedures such as collecting, securing, arranging, structuring, retrieving, adjusting, modifying, …. They keep a close watch on the compliance with this new legislation, give advice when necessary and cooperate with the surveilling authority. The one in charge of the processing takes the appropriate measures to be able to show that the processing is in compliance with the new privacy legislation. While doing so, he takes the nature, the impact, the context, the target of the processing and the various risks for the rights and freedom of natural persons into account. In this way, the pseudonyming and the encryption of personal details is primary. Moreover, the measures taken should guarantee the confidentiality, integrity, availability and elasticity of the processing systems.

Obligatory DPO

A DPO or a Data Protection Officer is appointed if the processing is done by an agency or a body of the government, or when the processes should be regularly observed on a large scale because of their nature or size. Customers can contact this Data Protection Officer concerning all matters that rely with the processing of their data and the execution of their rights. Make sure that you are properly informed whether or not your organization is obliged to appoint a DPO.

High fines on the non-compliance of the GDPR

Companies that don’t comply with the new obligations risk - as of May 2018 - an administrative fine that can mount up to € 20.000.000. For an undertaking it can mount up to 4% of the total global annual sales in the preceding fiscal year if this number is higher.

From this point of view it is very important that your company has a policy or a processing agreement that clearly stipulates how you process data, which data you process, how you prevent violations and in what way you comply with the guidelines that the GDPR imposes. Private persons should be able to retrieve at any time which data your company registers (because you can’t keep any more than necessary or any longer than necessary) and to what purpose. They have the right of rectification or to erase personal details at all times.
In short, it is a great challenge given the fact that the greater part of the companies will be confronted with this.


Independent entrepreneurs in the energy section!

A person warned is worth two…Please don’t make the mistake of thinking this legislation doesn’t apply to you as an entrepreneur. Make sure you are informed in time as to what extent this has an impact on you and your organization and react adequately. May 2018 comes sooner than you think.

We are already working on it… are you?

Related contents

Product & company news

Rontec awards five-year contract to ICASA

Product & company news

ICASA Group launches new website in the context of its international expansion

Case studies

Van Reeth Service Stations choose XPetro

Industry news

PetrolPlaza Special: The revolution of cloud-based solutions