In response to this unprecedented technological penetration, the EU General Data Protection Regulation (GDPR) 2016/679 is the most important change in data privacy regulation in the last 20 years.
GDPR is short for the General Data Protection Regulation and came into full effect on May 25, 2018. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR impacts many areas of an organisation: legal and compliance, technology, and data.
The GDPR introduces new requirements and challenges for legal and compliance functions. Many organisations will require a Data Protection Officer (DPO) who will have a key role in ensuring compliance. If the GDPR is not complied with, organisations will face fines of up to 4% of global turnover.
New GDPR requirements will mean changes to the ways in which technologies are designed and managed. Documented privacy risk assessments will be required to deploy major new systems and technologies. Security breaches will have to be notified to regulators within 72 hours, meaning implementation of new or enhanced incident response procedures.
Individuals and teams tasked with information management will be challenged to provide clearer oversight on data storage, journeys, and lineage. Having a better grasp of what data is collected and where it is stored will make it easier to comply with new data subject rights – rights to have data deleted and to have it ported to other organisations.