The European Union GDPR is a very important change in the regulation of data privacy. It replaces the 95/46/EC Data Protection Directive. The regulation was specifically formulated to harmonize data privacy laws in Europe, safeguard the data privacy of all European Union citizens, and change how organizations across the EU approach data privacy.
It took the European Union parliament four years of deliberations before finally approving the regulation on 14th April 2016. The official enforcement date is 25th May 2018. Any organization that fails to comply with GDPR provisions will be obligated to pay hefty fines.
When is the regulation coming into effect?
As mentioned above, the European Union parliament officially approved and adopted the GDPR in April 2016. It will become effective after a transition period of two years. It doesn’t necessarily require any government to pass enabling legislation. Therefore, the official enforcement date is May 2018.
Who will be affected by General Data Protection Regulation?
The regulation applies to organizations located within the European Union as well as those outside the EU that offer commodities to EU data subjects and/or monitor their behavior.
It’s applicable to all organizations that possess or process personal data of subjects living in the EU, regardless of the organization’s geographical location.
Consequences of non-compliance
Organizations that fail to comply with the General Data Protection Regulation would be forced to pay 20 million pounds sterling, or a fine equivalent to 4% of yearly global turnover.
Serious infringements such as failure to obtain express consent from customers before processing their data or infringement of the primary Privacy by Design aspects are some of the offenses that can attract the above-mentioned maximum penalty.
The approach to imposing fines is tiered. For instance, an organization can be asked to pay a 2% fine for having disorganized records, for failing to notify the authorities and subjects about a data breach, or for failing to carry out impact assessments.
The rules apply to controllers as well as processors. This means GDPR can also be enforced against cloud services.
Why your organization may need to employ a DPO
GDPR makes it mandatory for all public authorities, organizations that process sensitive or confidential personal data on a large scale, and organizations that systematically monitor the behavior of data subjects on a large scale to employ Data Protection Officers.
OpDecision is renowned for providing excellent wireless expense management services for corporate bodies. Our vast experience in the industry, coupled with our ground-breaking wireless cost-analysis process, can help your organization reduce expenses by approximately 50%.
The experts at OpDecision have an in-depth understanding of the General Data Protection Regulation and can help your organization comply with the regulation.
If you have any questions about GDPR, please get in touch with us.