- On October 24, 2017
The European Union (EU) General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in more than 20 years. GDPR mandates the protection and privacy of personal data belonging to individuals in the EU. It applies from May 25th, 2018. From that date, organizations whose processing is not compliant face potential fines that can be severe: up to €20M or 4% of global annual turnover, whichever is higher.
Which businesses are affected by GDPR?
All businesses that operate within the EU, and businesses located outside the EU that are doing business with, or monitoring the behaviour of, EU data subjects, are required to comply with the regulation. Examples of personal data are name, email address, medical history, bank details, IP address, location data, cookie identifiers, etc. With regard to managing data, GDPR defines two main roles:
• Controller – “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
• Processor – “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”
Both of these roles must meet their own set of obligations in order to be compliant with GDPR.
What are key responsibilities of my organization according to GDPR?
If your organization's core activities involve regular and systematic monitoring of data subjects on a large scale, it must appoint a Data Protection Officer with expert knowledge of data protection law and practice. A personal data breach must be reported to the supervisory authority without undue delay and, where feasible, within 72 hours of the organization becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals concerned. Where the breach is likely to result in a high risk to those individuals, they must also be informed without undue delay.
Businesses are obliged to implement appropriate technical and organizational measures to ensure, and be able to demonstrate, that their data processing complies with GDPR. This accountability requirement changes how business processes are documented: records of processing activities, the measures taken and the reasoning behind them must be kept and made available to the supervisory authority on request.
According to a PwC survey, 92% of U.S. companies consider GDPR a top data protection priority. The regulation is expected to force a rethink of data strategies and may shift the competitive landscape. In Europe, 23% of companies do not know their own GDPR strategy, according to IDC research. Because the regulation's jurisdiction extends beyond EU borders, it is of global significance.
We at SuperAdmins understand the position of our clients and are prepared to help find the solution that best suits your needs. The key areas for ensuring that your data protection measures comply with GDPR are:
• Mapping out the current state and identifying the elements that need to be upgraded or introduced
• Building a risk and control model
• Establishing policies and procedures that comply with GDPR requirements
GDPR Frequently Asked Questions – http://www.eugdpr.org/gdpr-faqs.html
GDPR in Focus – http://idctrendspotter.com/gdpr_in_focus
General Data Protection Regulation (GDPR) requirements, deadlines and facts – https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
GDPR compliance: what organizations need to know – http://www.information-age.com/gdpr-compliance-organisations-need-know-123465756/