What does the new General Data Protection Regulation mean for you?


Techedge | Jan 11, 2017

In May 2016 the European Parliament approved the so-called “General Data Protection Regulation” (GDPR), which will lead to a reality in which citizens have the same data protection rights across the EU, putting an end to the patchwork of data laws currently followed.

The GDPR will help people regain control over their individual data, but it will cause some compliance complications for companies who rely on customer data inputs to successfully run their sales and marketing activities.

The GDPR will become law on May 25th 2018, meaning that the next two years will be crucial for companies to align with all the clauses of the regulation, without exceptions.

While it seems that the core rules of the Data Protection Directive (the law governing the use of EU individuals' data for the last twenty years) will remain largely the same, companies will need to adhere to new guidelines in the following key areas:

  1. Lawfulness, Fairness and Transparency
  2. Purpose Limitation
  3. Data Minimization
  4. Accuracy
  5. Storage Limitation
  6. Integrity and Confidentiality
  7. Accountability

What do the general data protection regulation changes mean for you?

Below is a list of the main changes that will interest European companies or other companies doing business in the EU:

Under the regulation, people will be able to access the personal information companies hold about them at any time, and to have their details corrected in the case of errors. Adults, like children, will also have the “Right to be forgotten”, meaning that they will have the right to ask a company to delete all of the information it holds about them.

How it affects you
• Data must be stored and maintained in a central location, with a full audit record of where and when the data were collected.
• Create a process for enabling people to request their data statement and to update or delete records.
• When data records are changed, you must be able to provide an audit trail indicating when changes were made and by whom.

Organizations will need to appoint a Data Protection Officer (either internal or external). This figure will be involved in all of the relevant data protection issues.

How it affects you
Companies that need a DPO include:
• Public Authorities;
• Firms that engage in systematic monitoring;
• Firms that engage in large-scale processing of sensitive personal information.

In the event of a data breach, under the GDPR companies will need to notify the data protection authority (DPA) within 72 hours, as well as inform the person whose personal data has been breached.

How it affects you
• Security investments will be increasingly critical.
• You will need to create an early warning system for data breaches.
• Companies need to create a rapid “outreach” process as part of their data breach protocol.

For a business to transfer personal data outside the EU, the GDPR applies the same rules as the Data Protection Directive, which mainly prohibits the transfer of such information. Under the GDPR, companies that share their information with other entities have the duty to inform them of any errors in the personal data so that these can be corrected.

How it affects you
• You will need data syndication and distribution policies.
• You will need to carefully think through your partnerships around data and inform your data controllers.
• You will need a system which enables granular tracking of the dataflows and their ownership, with a focal contact person for managing data updates.


What will result from failure to comply with the General Data Protection Regulation?

Companies and their decision makers should start moving to ensure compliance with the new General Data Protection Regulation sooner rather than later. It is estimated that firms who fail to conform to all the clauses by 2018 will be punished with extremely high fines of around 20 million euros (or about 4% of their global turnover).

We are helping companies understand how to prepare for these changes and minimize the impact on their business. If you want to know more about what General Data Protection Regulation means for you and how it may impact your organization, contact us by filling out the form below!


Subscribe!