Most organisations and businesses are still blissfully unaware of just how much the new European General Data Protection Regulation (GDPR) is going to affect their business processes. They are also unaware of the severity of the fines if they are not compliant.
Businesses need to be aware of the following:
- They will need to identify each and every business process that involves handling personal data, establish which of those processes fall under GDPR, and document for each one how the data is collected, processed, stored, shared and eventually deleted.
- Many will need to appoint and pay for a Data Protection Officer. Under GDPR this is mandatory for public authorities and for organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data (health, biometric, political opinions and the like). The DPO's job is to advise on and monitor Data Protection Impact Assessments, to monitor the organisation's compliance, and to act as the contact point for the member state's Data Protection Regulator or Privacy Commission. The DPO must be allowed to act independently and cannot be dismissed or penalised for doing the job. So effectively you pay for someone whose legal duty is to cooperate with the regulator, not to cover for your company if it is in breach of the law.
- GDPR is a Regulation rather than a Directive, so it applies directly in every member state without needing national legislation. However, it leaves room for member states to add their own rules in a number of areas (for example the age at which children can consent, employee data, and certain exemptions), so there will still not be one completely uniform standard across the whole EU. In practice this could mean that a business operating in several countries has to maintain several variants of a policy for one business process.
- Penalties for non-compliance can run into millions of Euros: the maximum administrative fine is EUR 20 million or 4% of total worldwide annual turnover, whichever is higher.