We live in an increasingly data-driven world where each day gigantic amounts of digital information are created. Privacy has changed so much in the last 20 years that original privacy laws are no longer fit to protect user data.
On May 25th 2018 we will see one of the biggest changes in two decades to European data protection laws. A lot has changed since 1995 when the General Data Protection Regulations were drawn up, so it pays to get up to speed on how the GDPR will affect public sectors, businesses, and their customers.
So What Is the New GDPR?
The renewed GDPR aims to protect individuals' data rights and harmonise data privacy laws across Europe. After over 4 years of discussions and negotiations, the new laws address the export of personal data outside of the EU, give control of personal data back to citizens and residents, and simplify the regulatory environment for international business.
Are Companies Going To Be Impacted?
Well, yes... and no. The new regulations put the consumer in the driver's seat, and all tasks relating to compliance and regulations fall into the hands of businesses and organisations.
The new rules mean that all companies that process or collect personal data will be subject to GDPR.
There are also tough new penalties for organisations that do not comply with GDPR, including fines of up to 4% of annual global revenue.
That said, not all companies are going to have to make drastic changes. Firms that are most likely to have to ensure that they comply with regulations will be the likes of Google, Facebook, insurers and banks.
GDPR - Do I Panic?
Remember, these changes are for the benefit of data protection and privacy. As expected, this will enhance your relationship with customers due to the increased data transparency they now have.
What Happens If An Organisation Is Non-Compliant?
May the 25th is not a compliance cutoff date; rather, it is a date on which companies must show their intent to comply. There are three objectives organisations should achieve by the 25th of May.
Locate Your GDPR Data
Once you know where your data is located and who can access it, you can start to take the appropriate measures to ensure that data is protected.
Establish A Compliance Plan
Establishing a full compliance plan by May the 25th will ensure you do not run the risk of being penalised.
Add Compliance Check to Your Security Program
This is not vital for compliance; rather, it will ensure that the plan is followed regularly throughout the lifecycle of the policy update. It will also ensure other security measures are not dropped when all hands work on obtaining compliance.