The New European General Data Protection Regulation (“GDPR”) – time to panic or time to transform?
The new EU Regulation 2016/679, the “General Data Protection Regulation” (“GDPR”), is a European Regulation which has already come into effect and is due to be implemented on the 25th of May 2018, aiming at the creation of a much stricter and tougher regulatory framework for the protection of the personal data of European citizens.
The GDPR enhances the protection of European individuals by making itself applicable to all companies and institutions, whether located in Europe or not, as long as they process data of European citizens. Therefore, the criterion for whether the GDPR applies to your company does not depend on whether your company is based within Europe, but on whether your company possesses, stores or processes the personal data of EU citizens.
The GDPR consists of 99 Articles and has created unease among many organisations and companies, as they must “get ready” before its implementation. All companies must ensure that their data (the way data is stored, processed, etc.) is in full compliance with the provisions of the Regulation by the 25th of May 2018.
Non-compliance with the GDPR may have a fatal impact on a company, since contraventions of the Regulation will be punishable by fines of up to either €20 million or 4% of the total annual worldwide turnover of the company, whichever is higher. Thus, it is only natural that businesses are at “unease” as they try to make sure that everything is put in place, on time.
However, the GDPR should be seen as a positive way forward, enhancing EU citizen data protection and simultaneously providing all companies with a strategy to possess and process all individuals’ information in a more efficient and targeted way. After all…why not?
• Assess whether the GDPR applies to your company / organization and whether it is subject to its provisions – Is your company, whatever its size and maturity, in possession of or processing data of EU citizens? Then the answer is YES.
• If the answer to the above is YES, then you must increase awareness of the new GDPR within the company, and start by editing all privacy notices as well as making sure that each individual consents to giving his/her personal information to your company for the specific intended purpose.
• Ensure that the procedure applied in your company is in compliance with the GDPR provisions – the way the data is stored and the point at which the information may, or has to, be deleted.
• Ensure that the procedure applied with regards to electronically shared data is in compliance with the GDPR and make sure that no information / data is processed in a way that may eventually be used by another organization – whether affiliated to your company or not.
• Assess whether you are a “processor” or a “controller” or both!
• Determine whether you need to formally appoint a Data Protection Officer, in order to ensure compliance with the GDPR as well as making sure that the proper infrastructure for identifying, handling and reporting a possible breach of the Regulation is in place.
Although the implementation of the GDPR has “set an alarm”, the reality is that, with the correct guidance and professional assistance, setting an adequate basis for compliance with the Regulation can be achieved by taking some positive steps.
For more information and consultation on the matter you can contact us on firstname.lastname@example.org. We will be happy to assist you.