The General Data Protection Regulation, or GDPR, is a solution to unify all EU member states’ approaches to data regulation. In short, the regulation attempts to apply identical data protection laws in every country in the EU (and the UK) and to define data standards for businesses. The GDPR effectively replaces the UK Data Protection Act of 1998 and the EU’s Data Protection Directive of 1995.
The new regulation will take effect May 25, 2018.
Before we move forward, keep in mind that the GDPR won’t have an impact for most. Its focus is on protecting citizens’ data privacy rights, so here’s what we can all do to help.
The GDPR will impact any organization that uses EU citizens’ data, even if the business is not located in the EU. “Organization” applies to any organization type, from businesses to non-profits to government. It also applies to any third party, such as an IT firm that handles data processing for your organization.
And even though the UK is due to leave the EU in the next 12 months, residents of the UK are protected under the regulation as well.
Businesses that do not comply with the GDPR could be fined up to €20 million, or 4% of the company’s global annual turnover, whichever is greater. While the GDPR is meant to reserve the toughest fines for the worst data breaches and data abuse, it’s important for businesses of all sizes and types to adhere to the regulation to avoid these penalties.
Anyone who controls and processes data must ensure personal data is processed lawfully, transparently, and for a specific purpose. The regulation also states that once the data is no longer required, it should be deleted.
To meet those requirements, here are the steps you should take to prepare:
If the regulations seem like they apply to you and you need help getting ready, we recommend getting in contact with one of the authorities on the GDPR.
Read the resources from the EU GDPR website: https://www.eugdpr.org/
Get GDPR Preparedness Services from verified IT consultants:
If you’d like advice on where to turn to prepare for the GDPR, give us a call. We consider ourselves an extension of your team, so don’t hesitate to reach out if you need us.