The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018, and many organizations are currently considering the actions to take to become compliant before the deadline.
At its heart is our fundamental right to privacy. GDPR will enforce a stronger data protection regime for organizations that operate in the European Union (EU) and handle EU citizens’ data. The Regulation covers the protection of personal data of employees, customers and others. It makes all the data collected about us ours to control. This renders the processing of our data by others unlawful by default, made lawful only by adhering to some stringent criteria or legal avenues.
Considering that personal data represents critical and sensitive information that all organizations should protect, such a regulation will help put in place appropriate procedures and controls to prevent Information Security breaches.
The UK Information Commissioner’s Office advises that step one in preparing for the GDPR is to raise your own and your organization’s awareness.
The GDPR will have implications across any organization; sales, marketing, HR, IT and many other departments will need to understand how it might affect their day-to-day work. Employees from the senior decision-makers downwards will need to be aware of their own responsibilities and obligations. We are used to data protection being the realm of digital security experts, encryption and the IT department. The GDPR places the responsibility for privacy squarely in the hands of everyone in the organization, from Marketing and Sales, IT and HR, all the way up to the boardroom. The reach will also be global, not just restricted to the European Economic Area. Wherever you are in the world, if you are collecting or processing data on anyone in the EU, you will need a strategy. And that’s not just EU citizens, but anyone located in the EU, including business travellers and tourists, regardless of their nationality or residence.
Non-compliance with the GDPR will represent a breach of a person’s fundamental rights, and the consequences of not complying with the regulation will be much more severe than those we’ve seen up until now. The maximum fine will be 20 million euros, or 4% of global turnover, whichever is the higher.
Even though the consequences for businesses are profound and far-reaching, a recent YouGov survey revealed that over 70% of businesses have yet to start preparing for the GDPR.
The General Data Protection Regulation course can be followed in different ways: