GDPR is the new EU personal data protection regulation. It will replace existing legislation in all EU countries and introduce new requirements and limitations for all companies. What does it mean and how do you prepare for GDPR compliance?
User rights are considerably expanded under GDPR. A company that does nothing before May 25th 2018 will very likely find itself breaking the law and risking huge fines.
According to Gartner in their “Adapt Your Cloud Hosting Proposition Now for Imminent GDPR European Privacy Regulations” analysis, less than 50% of all organisations will fully comply with the GDPR when it goes into effect.
According to the EU GDPR portal: “Organisations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.”
How is GDPR different from existing data protection laws?
Aside from the higher penalties for non-compliance, there are four main areas that organisations must consider.
- Limitations on personal data processing. Every processing activity must be justified and access limited as much as possible
- Security requirements. Data processors and controllers must take responsibility for the protection of the data they handle
- Documentation and notification requirements. Processing, access and data breaches must be properly managed and notified to the local regulator
- Stricter rules for consent. Consent mechanisms must be reviewed and processes created to allow individuals to exercise their rights
All organisations are affected, and larger ones (employing more than 250 employees) have ADDITIONAL obligations.
Get started on your GDPR compliance programme now
Please undertake a readiness audit within your organisation and speak to Prodware if:
- You have insufficient resources and understanding of how GDPR affects you and what you need to do
- You have difficulties identifying personal data repositories and access levels
- Your ERP/CRM is not ready to collect and manage consent and personal data
- You have no data protection policies and/or are unable to apply them
- You have inadequate security systems
- You need support with GDPR compliance documentation audit, readiness and management
In the meantime, take a moment to review GDPR key changes and FAQs from the official EU website.