GDPR – the countdown has started
The countdown to the essential data protection changes has started, with the General Data Protection Regulation (GDPR) coming into force on 25 May of this year. GDPR is the most important change in data privacy regulation in 20 years, and it is also a business topic of utmost importance: it will change the way businesses operate on a global scale, with legislation designed to empower and protect European Union (EU) citizens’ data privacy.
But first, what is GDPR?
The General Data Protection Regulation is intended to strengthen and unify data protection for EU citizens and to give individuals more control over what happens with their personal data. According to the European Commission, “personal data is any information relating to an individual, and it can be anything from a name, home address, photo, email address, bank details, posts on social networking websites, or a computer’s IP address.”
Does GDPR apply to your company?
Most likely, yes. This new regulation is EU legislation, but it applies to all companies that collect and process EU residents’ personal data, regardless of where those companies are located. If you have an international business, some of these individuals are likely to be your customers, which means you will be required to comply with GDPR. With great power comes great responsibility – failure to act quickly to prepare for the regulation could have serious consequences for anything from your bottom line to your customer relationships or brand image. The new data protection rules will also be enforced with fines and penalties for those not meeting the regulation. Under GDPR, organisations in breach of the legislation can be fined up to 4% of annual global turnover or up to €20 Million, whichever is greater.
Preparing for GDPR
Despite imposing a series of strict rules, GDPR also provides specific guidelines to help you protect your clients’ data. Here are some of the key obligations and data rights explained:
Breach Notification
Under the GDPR, breach notification becomes mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. Notification must be made within 72 hours of first having become aware of the breach.
Right to Access
Part of individuals’ expanded rights over their data is that they can obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, if so, where and for what purpose.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten means that individuals can ask data controllers to erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of their data.
Privacy by Design
At its core, privacy by design calls for data protection to be built in from the outset of system design, rather than added on afterwards.
What measures is your company taking to prepare for GDPR? The countdown shows a little over 80 days left until the enforcement of this data protection regulation.