The General Data Protection Regulation (GDPR) comes into force at the end of May. With only a few weeks to go, we want to make sure you are ready for the changes it brings. Here is what you can expect.
What is GDPR?
The General Data Protection Regulation applies from 25th May 2018. It was adopted in April 2016, with a two-year transition period, and it replaces the 1995 EU Data Protection Directive (95/46/EC). Because the 1995 rules were a directive, each member state had to transpose them into its own national law (in the UK, the Data Protection Act 1998), which left room for differences between countries. GDPR is a regulation, so it applies directly and in the same form across the EU. From 25th May it will be a legal requirement for your organization to meet its obligations, and failure to do so exposes you to considerably tougher penalties than under the previous regime.
Why is GDPR coming into force?
GDPR is coming into effect because it was recognised that people should have more control over who holds their personal data and how it is used and stored. The new regulation also takes account of data storage technology such as the cloud, which did not exist when the 1995 Directive was written. It aims to ensure that, no matter where or how a person's data is stored, it is kept secure and used appropriately. As an organization it is vital that you put procedures in place so that the personal data of your clients, partners and third parties is handled and stored correctly. GDPR is also intended to give all businesses a single, clear legal framework that is consistent across EU member states.
What happens if you suffer a data breach?
Firstly, it is important to remember that it is not a question of if your organization will suffer a breach, but when. Adopting this mindset leads to a much more proactive approach to cyber security. Under the new regulation you must notify the relevant data protection (supervisory) authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals concerned; where that risk is high, you must also inform the affected individuals without undue delay. Note that a personal data breach is not limited to a cyber attack: accidental loss, destruction, alteration or unauthorized disclosure of personal data also count. Why is this important? Trying to conceal a breach or failing to notify the authority is itself an infringement and can attract a substantial fine, and the fines under GDPR are split into two tiers.
GDPR penalties and fines
The penalties sit within two tiers, and the tier that applies depends on which obligations have been breached:
- Up to 2% of your annual global turnover or €10 million, whichever is higher, for infringements such as failing to implement appropriate security measures, failing to keep records of processing, failing to appoint a Data Protection Officer where one is required, or failing to notify a breach
- Up to 4% of your annual global turnover or €20 million, whichever is higher, for infringements of the core data protection principles, the requirement for a lawful basis for processing, individuals' rights, or the rules on international transfers of personal data
The amount of any fine within a tier is decided case by case. The authority takes into account, among other things, the nature, gravity and duration of the infringement, whether it was intentional or negligent, the technical and organizational measures you had put in place, any action taken to mitigate the damage, and how well you cooperated with the authority. In other words, if you can demonstrate that your organization took appropriate steps to protect the data of your clients, partners and third parties, you are far less likely to receive a fine at the top of the range. As an organization it is vital that you put in place the people, processes and technology to ensure that personal data is managed and stored as securely as possible.
How Nettitude can help