The information era brings blessings to human society, but at the same time threatens people’s privacy. As humans spend increasing amounts of time in the digital world, personal data protection is placed at the heart of many hot debates, which often conclude that we currently live in a world where people’s privacy is highly fragile.
The new General Data Protection Regulation (GDPR), adopted in 2016, will become enforceable in May 2018 and will replace the EU Data Directive established in 1995. The regulation applies to all EU organizations and to any organization worldwide that handles and processes data of EU citizens. As we approach the GDPR’s enforcement date, preparations for the GDPR should be high on the agenda of every business or board.
EU organizations have 7 months left to implement and conform to the new regulation. Failure to comply will be expensive, with penalties of up to 2% of total worldwide annual turnover. In case of more serious infringements, the fines can amount to €20 million or 4% of total worldwide annual turnover, whichever is greater.
Organizations will certainly have to change the way they handle and process data, but more importantly, it is necessary to shift the organization’s mindset to ensure that customer concerns are properly addressed through every organizational policy and that data protection is placed at the heart of every business strategy.
GDPR should not be seen as a burden, but rather as an opportunity to tidy up your data, improve the organization’s reputation, and build more solid relationships.
This regulation introduces the responsibility to appoint a Data Protection Officer (DPO). Even though many organizations already have people who carry out some DPO duties (under the EU Data Directive), Data Protection Officers under the GDPR will have far more responsibilities in providing accurate information on how people’s digital data are processed and protected. Considering the importance and impact of the DPO’s duties and responsibilities, a DPO should be highly experienced and multi-skilled, so as to deploy the appropriate security and data protection controls that demonstrate the organization’s readiness to operate under the new regulation.
In a globalized and more interconnected business world, GDPR implementation will indeed bring both opportunities and challenges, but it will undoubtedly be a critical success factor for organizations.
As the clock is ticking, it is crucial for organizations to start preparing and act quickly to ensure compliance with the new Regulation.
Official Regulation website: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf