General Data Protection Regulation (GDPR)

What is GDPR?
The General Data Protection Regulation (GDPR) is one of the biggest changes ever to how personal data should be processed, and it has been an issue on the agenda.
What is the purpose?
The harmonization of European regulations on the protection of personal data; the updating of the legislation applicable to personal data protection, adopted more than 20 years before the widespread use of the Internet; and the strengthening of the rights of citizens, the data owners.
What influence does it have in my company/business?
The GDPR has an impact on all companies, and on the processes of all their departments, regardless of size or turnover, that are located or operating within the European Union.

Your business will have to ensure more efficient security policies and protection of personal data, prevent misuse, and give data owners all the necessary mechanisms to control their data, in order to achieve full compliance with the GDPR.
What are the basic principles of the GDPR?
The GDPR defines a set of concepts and obligations that broadly translate into 4 basic principles, framed as questions that companies are obliged to answer, and to back with evidence, in order to demonstrate responsibility and compliance with the regulation:
  • Why do we have personal data?
    - Execution of a contract?
    - Legal obligation?
    - Vital interests of the data owner?
    - Public interest?
    - Consent?
  • Who has access to personal data?
    - Human Resources Staff?
    - Billing Staff?
    - Accounting Staff?
    - Quality Staff?
    - HST Staff?
  • How long do we retain personal data?
    - Invoicing: 10 years?
    - Curriculum: 1 year?
    - Medical Fitness Certificate: 5 years?
    - CCTV: 30 days?
  • How do we ensure data security?
    - How do we access and update the data?
    - Do we have physical/digital controls?
    - How safe and secure are the data?
    - How do we react to failure?
    - How do we detect intruders?
What if I do not comply?
The GDPR is a regulation that becomes mandatory from 25 May 2018, and non-compliance as of this date may incur fines of up to EUR 20 million or, if higher, up to 4% of the volume of the company's global business.
More than a technological change, AN IMPROVEMENT OF BEHAVIORS!
Technology plays an important role in streamlining data protection, automating processes and helping to increase data control, reducing risk and ensuring compliance with legal requirements.

However, it is critical that companies realize that the success of the technology implementation under the GDPR depends essentially on processes, people and their behaviors.

Much more than a simple change of procedures performed in software, this regulation defines procedures and good practices for companies with regard to the collection and processing of the personal data of their customers, suppliers and employees.

While software is an important tool in this process, the focus should be on changes in management processes. Therefore, each company must analyze and review its internal procedures and understand what personal data it has collected and how that data is processed.
What is weoInvoice's role?
Our commitment is to ensure the confidentiality of personal data (yours and that of third parties, i.e. your customers); to inform you about third parties that may have access to the data; and to inform you if undue access is detected.

WeoInvoice has implemented in all of its plans a set of changes that will help it fulfill its obligations under the GDPR, such as:

  • Identify fields likely to contain personal data
  • Forget the personal data owner
  • Portability of the personal data owner
  • Set permission to contact the personal data owner
  • User profile without access to personal data and with limited search
  • Security of the connection between the client and the server
  • Data security and encryption
  • Login and access protection
  • weoInvoice privacy policy update
  • Clear indication of the purpose of the data and its treatment
  • Use of registration data for defined and agreed purposes
In addition, a new module was created, the weoRGPD
This tool allows those responsible for the processing of personal data to register, execute, control, monitor, document and audit all obligations under the GDPR.

It aims to ensure that all principles relating to the processing of personal data are safeguarded and dealt with in accordance with the Regulation, and to ensure the rights of owners with regard to their data in relation to the entity responsible for their processing.

The weoRGPD module implements the following GDPR compliance steps:

1. Know the Regulation and its timings
2. Designate a data controller
3. Inventory data processing processes
4. Define and manage risk on personal data
5. Prioritize actions to be taken
6. Perform internal processes
7. Create protective measures
8. Create Compliance documentation

Other services
Your participation is important. Your opinion counts. Your experience is valuable.

For these reasons, share all this with us: send us an email and give us your feedback about weoInvoice.
This is a system that is constantly evolving, and you are an essential part of this evolution.
We are fully available to find partners so we can grow together.
If you can bring added value to weoInvoice and if we can add value to your business, do not hesitate to contact us.
Got a question?
See the FAQ, email us at Support, or fill out the form below.