General Data Protection Regulation...are you ready?

After more than four years in preparation, the official text of the General Data Protection Regulation (GDPR) has now been formally approved, translated into the EU's official languages and published in the Official Journal of the EU. This marks both the end of the legislative process and the start of the two year countdown until the new regulation applies from May 2018. And, of course, compliance is mandatory.

So now to the real question: are you ready for it?

The new law is complex and strict, extending the rights of individuals and requiring organisations to raise their standard of compliance. It is intended to have global effect, transforming the way in which personal data is collected, stored, shared and processed and making businesses more accountable for how they handle personal data.

The new regulation will apply directly across all EU member states without further amendment by individual parliaments, and it is not restricted to organisations based within the EU. Wherever an organisation is based, if it monitors the behaviour of individuals in the EU, or offers them goods or services (whether or not any payment is required), it will be caught by the new regulation.

What you need to know:

  • Organisations could face fines of up to 4% of worldwide annual turnover (or €20 million, whichever is higher) for non-compliance
  • The meaning of personal data is widened to include information such as online identifiers
  • Requirements in respect of gaining an individual’s consent are strengthened and require higher standards to be met
  • Mandatory appointment of Data Protection Officers for some organisations
  • More stringent breach reporting requirements
  • Substantially increased rights for individuals particularly the right to portability and erasure as well as the expansion of rights around access to personal data
  • Wider range of measures to legitimise the transfer of personal data internationally

This is by no means an exhaustive list; it simply highlights some of the forthcoming changes and the increased obligations that will be placed on organisations.

The Information Commissioner's Office has, not surprisingly, also emphasised the regulation's importance and issued a 12 step plan to help businesses prepare.

The message is clear - this is more than simply a compliance exercise. Preparation for the GDPR should begin now. Starting early keeps a business ahead of the game, gives it the opportunity to embed good privacy practices, and minimises the risk of potentially huge financial penalties. If you wish to know more then please contact me for further information.