The General Data Protection Regulation (GDPR) will come into force in May 2018 and will affect all companies doing business in the EU. It is imperative that you and your company are ready for the changes to ensure that you comply with the strict new requirements.
Designed to protect personal and sensitive data, the goal of GDPR is to give all EU citizens complete control of their personal data by providing a universal approach to data protection for all businesses that hold information about EU citizens (regardless of their place of business). It is the biggest shakeup of data protection in the EU since 1998.
Many businesses will need to make significant changes to their operational habits or face the consequences. Failure to comply with GDPR would be a costly mistake, with fines of up to €20 million.
The main themes of GDPR are:
- Data protection - All companies that collect personal data from EU citizens must ensure that they have reasonable data protection measures in place. This includes a data breach policy (data breaches must be reported immediately) and threat assessment.
- Data control - EU citizens have the right to access their data and request information about how it is being used, can request to take their data elsewhere, and have the right to demand that their data be erased.
- Data responsibility - Public authorities and those who store or process a large amount of personal data must appoint a Data Protection Officer (DPO).
- Examine areas where data protection strategies are necessary for your business.
- Employ a Data Protection Officer (DPO) if required.
- Conduct a risk assessment of all data coming into your company and create a data protection policy which will govern how you control the use and storage of data.
- Employ security measures to ensure you are GDPR compliant.
- Regularly review security measures and risks to ensure that you stay compliant.
In the months leading up to GDPR it is imperative that companies examine their current data protection policies and put appropriate data security measures in place before the deadline.
This is where we can help. We have a team of regulatory experts ready to advise you on every aspect of GDPR.