The GDPR is the most detailed regulation on data privacy since the introduction of the 1995 EU Data Protection directive. This new, pan-European regulation will replace the 1995 directive and is set to empower individuals and protect their rights. This regulation is not designed to bring companies and countries to their knees, but it has been authored in such a way that anyone who puts their head above the parapet can be censured very quickly and very severely.
Individuals will have the opportunity to question how companies store their data and seek compensation where their rights were breached. Furthermore, it is no longer enough to state that an enterprise is compliant – evidence will have to be displayed, which pushes companies towards a ‘privacy-by-design’ approach to data protection, forcing the design of systems and processes to include data protection from the outset.
Getting ready for GDPR may not be straightforward, and it is likely that data-heavy enterprises that have yet to start the journey towards GDPR will find themselves on the wrong side of the regulation deadline come May 2018, when fines come into force.
The regulation is already in place, so don’t expect a lengthy grace period. Fines can reach €20 million or 4% of global turnover for lesser transgressions and can go to €10 million or 2% of turnover for lesser errors.
If you are at the beginning of the cycle or just considering the first steps, we recommend that you consider the following:
We have seen many organisations struggle at the first hurdle, often because of legacy systems and information siloed across teams and departments. If you have a plan and you’re on the road to compliance, then you’re on the right track. If you have yet to launch your plan or perhaps your organisation is paralysed by the sheer enormity of the task, we have a range of solutions and a team of specialists that can help.
Download the Guide to GDPR from TRC Solutions: http://www.trc-solutions.com/gdpr-and-your-business/