No matter where you are in the world, if you’re handling personal data of people in the European Union, then you need to know about the General Data Protection Regulation (GDPR).
Adopted by the European Parliament in April 2016, the GDPR replaces the 1995 Data Protection Directive (DPD). It entered into force in May 2016 and has applied since May 25, 2018, so companies that were compliant with the DPD must now ensure that they meet the new provisions of the GDPR.
Its purpose is to safeguard the personal data of people in the member states. Understanding the GDPR means protecting your company and avoiding the heavy fines which attach to non-compliance.
Provisions of the GDPR
Important provisions of the GDPR include:
- A lawful basis for every processing activity; where that basis is consent, it must be obtained from the data subject before processing begins
- Shielding identities by pseudonymising or anonymising data
- Notification of personal data breaches to the supervisory authority and, in high-risk cases, to the affected individuals
- Safeguarding personal data transferred outside the EU
- In some cases, companies must appoint a data protection officer (DPO) to oversee compliance
Who must comply?
The European Union’s stated aim in creating the GDPR is to establish a consistent legislative framework for all member states. As a regulation it applies directly, which removes the need for each nation to write its own law and creates a uniform approach across the EU.
But your company needn’t be located in the European Union to be held to the GDPR. Any company, anywhere in the world, that offers goods or services to people in the EU, or monitors their behaviour, must comply.
That means that the GDPR will change the way data is collected, processed and maintained by companies and stakeholders everywhere.
A closer look
Whether or not you are legally required to appoint one, if you’re doing business in the EU that involves collecting personal data from people there, it’s highly advisable to put a compliance officer in place.
With 99 articles over 11 chapters, a dedicated person with a thorough knowledge of the GDPR makes perfect sense to avoid running afoul of it.
Not only are you required to treat personal and consumer data with greater vigilance, the legislation also empowers individuals to demand that their records be erased (the right to erasure, Article 17), subject to certain exceptions.
A personal data breach must be reported to the supervisory authority within 72 hours of your becoming aware of it, where feasible. Note that the clock starts at awareness, not at the intrusion itself, so you also need the monitoring to detect a breach and the records to document it. This presents a serious exposure for many companies, so ensuring that your systems are protected from hostile incursions is an imperative you can no longer ignore.
Where a breach is likely to result in a high risk to the rights and freedoms of the affected individuals, the GDPR also requires that those individuals be informed without undue delay.
Under the provisions of the GDPR, companies in violation may also be subjected to heavy fines and to audits by the supervisory authorities to assess the effectiveness of their security measures. Fines under the GDPR can be as high as 20 million Euros or 4% of worldwide annual turnover, whichever is higher.
If your company’s doing business in European Union nations, then understanding the General Data Protection Regulation is a priority.
With fines as stratospheric as those set out in the GDPR, you can’t afford not to have your compliance ducks in a row. Concerned? Contact OpDecision.