Are you ready for the new European Data Protection legislation to come into effect in 2018? The legislation, developed by the European Union with the intention of creating an unequivocal and safe European digital environment, will affect all organizations dealing with sensitive data.
The GDPR legislation is there to protect citizens against data theft and loss, ensuring that all organizations that handle data take due care and attention. Processes related to collecting, processing, using and sharing data are about to change. With this legislation, Europe is applying some of the most advanced laws on data protection and privacy. In an increasingly digitized society, it's important to have confidence that an organization is adept at handling your data.
The new situation
The incoming legislation presents organizations with strict boundaries with regard to collecting and saving personal information. Anyone breaching these strict terms is punishable by law. One example of an existing duty we have is that of obtaining permission to place cookies. An additional obligation will be to obtain your contact's explicit permission to collect, handle and use their data. Several countries in Europe already required you to obtain consent to send certain types of email; now you will need this consent per topic and message type. For instance, if someone agrees to receive your newsletter, this will not allow you to send him or her offers, and vice versa.
Data transferred over a network is at greater risk of a leak or incident, so the GDPR compels you to take appropriate technical and organizational measures to protect personal data against calamities, loss, alteration, unlawful deletion, illicit publication and unauthorized access. Additionally, the new regulations mean that certain requirements will apply directly to data processors for the first time, which is likely to affect Cloud Service Providers, for example. The GDPR also expands the territorial scope to cover not only those established in the EU, but also any processing of the personal data of data subjects who reside in the European Union, where the processing relates to the offering of goods or services to them, or the monitoring of their behaviour.
Working towards the GDPR
While these examples may appear simple, the consequences of this legislation on the whole certainly won't be. Many organizations - both commercial and not-for-profit - are going to have to ask themselves: how do we prepare for compliance with this law?
Asking this question alone will not be enough; taking action is a matter of urgency. Organizations will have to act with immediate effect, putting in place measures to ensure compliance with the legislation by 25th May 2018. Failure to comply could have disastrous consequences for your organization: not only a financial penalty, but also potential damage to your company's reputation. With maximum fines as high as twenty million euros or four percent of one's global turnover, whichever is higher, the overall impact could be significant - to the point of bankrupting a company.
Don't delay, act now! Contact Global Knowledge for information, training and support to help you take the appropriate action and fully prepare your organization for the implementation of the General Data Protection Regulation.