Although directives on data protection already exist, in less than seven months from now Europe's data protection laws will undergo their biggest changes since they were written in the 1990s.
Given the amount of data we create, collect, and process, the old laws were no longer adequate to protect the personal data of data subjects in today's IT world of incessant cyber attacks and data breaches.
In light of this, the General Data Protection Regulation (GDPR) was created to overhaul how data controllers handle and process data.
An examination of the GDPR shows how your business can evolve with the times.
What Exactly is the GDPR?
Replacing the previous 1995 data protection directive, the General Data Protection Regulation (GDPR) is new legislation governing data protection.
Drafted by the European Commission, the GDPR is aimed at strengthening and unifying data security for entities in the European Union.
Although data protection laws already exist, the GDPR introduces significant changes for public and private bodies and businesses that handle personal data.
Adopted by the European Parliament and European Council after four years of deliberations and negotiations, the GDPR’s underpinning regulation and directives were published in April 2016.
The GDPR is unique in that its reach is not bound to the EU but is instead worldwide.
Hence any organisation that holds the personal data of an EU citizen must comply with the GDPR.
GDPR: An Evolution, Not a Burdensome Revolution
Although the GDPR is presented as the most significant change in data protection laws in more than two decades, on closer inspection the changes are more an evolution of existing data protection laws than a total revolution.
This is backed up by a recent blog post from the ICO in which the UK's Deputy Information Commissioner, Steve Wood, insisted that "The new regime is an evolution in data protection, not a revolution".
So the new regulation is not as burdensome as some stakeholders make it out to be. Granted, any reform of this magnitude will have an impact on an organisation's operations as well as its resources.
Rather, the GDPR is an evolutionary process, building on foundations laid over the past 20 years, whose significant long-term impact is not yet obvious at this point in time.
The GDPR’s Impact on Businesses
Irrespective of whether you are an individual, a start-up or an enterprise, if you fall into the category of personal 'data processor' or 'data controller', you are under the GDPR's jurisdiction.
The GDPR demands that organisations maintain impeccable security as well as accountability for how they use the personal data of individuals.
Fines of up to €20 million or 4 percent of gross annual turnover (whichever is greater) for companies that fail to report data breaches are common news by now.
Alongside mandatory breach notifications, the new legislation requires a clearer definition of what counts as personal data, new rules around user consent, and greater rights of access for users to the information companies hold on them.
Meeting GDPR Compliance
If your organisation has more than 250 employees and processes the data of more than 5000 entities, investigating the need for a Data Protection Officer (DPO), who will, among other duties, work towards and monitor compliance, could accelerate your company's GDPR efforts.
Regular Data Protection Impact Assessments (DPIAs) are deemed necessary for most organisations, and may be mandatory for yours, to anticipate risks and develop contingency plans to mitigate them.
Thoroughly conducted DPIAs can help put you on track to meet the GDPR's requirement of 'Privacy by Design'.
Although meeting GDPR compliance may seem an arduous process, our free, no-obligation GDPR awareness questionnaire will plot a custom roadmap for your organisation to meet compliance.