By May 25, 2018, all companies will have to respect the new European Data Protection Regulation (GDPR). Under this regulation, personal data may only be collected legally under strict conditions and only for legitimate purposes. In addition, persons or organizations that collect and manage personal data will have a dual obligation :
- Respect the rights of data subjects : rights of access, rectification, deletion...
- Protect personal data against any loss, theft, accidental or voluntary loss.
The aim of the new legislation is to provide a uniform legal protection for all EU member states and a high level of protection to EU citizens.
The key elements of the GDPR :
- Expanded territorial reach : Companies that are based outside of the EU, but targeting customers that are in the EU, will be subject to the GDPR which is not the case yet.
- Accountability and privacy by default : The GDPR places a great emphasis on the accountability for data controllers to demonstrate data compliance. They are required to maintain certain documentation, conduct impact assessment reports and implement data privacy by design.
- Role of data processors : Data processors have direct obligations to implement technical and operational measures to ensure data protection, this includes the appointment of a Data Protection Officer.
- Sanctions : The GDPR allows the Data Protection Authorities to impose significant fines that can amount to up to €20 million or 4% of annual global turnover.
The new EU directive has clearly been created in view of the exponential growth of sensitive data and the fact that this data is being shared more than ever before. Mastering, Optimizing and Protecting data on a large scale has proven to be a challenge for large organizations. Without a holistic approach and data protection strategy, this can lead to data breaches, reputational loss and financial penalties.
Is your business ready ?
The GDPR challenge requires close collaboration between the IT department, the management of the organization and the legal department. Indeed, according to a recent study published in the Harvard Business Review, this is a critical issue for the company to the extent that the collection, treatment and storage of personal data are key elements of user trust in businesses and governments.
Rever offers a range of technical solutions to enable Data Privacy Officers and IT departments to meet the challenge of identifying, tracing and protecting personal data.
Having DATA related projects ? Don't know where to start ?
IT security awareness