On 25 May 2018, the way companies handle the personal data of citizens within the European Union will change significantly as a new European privacy regulation, the General Data Protection Regulation (GDPR), comes into effect. This will update the old GDPR that was introduced to replace the 1995 Data Protection Act.
Why is the regulation being introduced?
This regulation is put in place to protect the privacy and personal data of EU citizens for transactions that occur within EU member states. It will also regulate the export of personal data outside the EU. The regulation will be implemented across the EU and EEA region; however, a company located outside the EU should not assume the regulation is irrelevant to it. It will affect all companies selling to, and storing personal information about, citizens in Europe, so the act can reach companies on other continents.
What are the benefits of the regulation?
The main benefit is that the regulation will give citizens of the EU greater control over their personal data and offer assurance that their information is being protected securely. It will also change the amount of time allowed to deal with a data breach. Previously, data breaches could take over 2 months to resolve. Under the new regulation's timelines, a company must report a breach to the country representative within 3 days and must inform the EU citizens whose details were involved in the breach immediately. Therefore, breaches will be resolved faster.
An additional benefit of the regulation is that it will make companies more disciplined in how they market to consumers and collect consumer data, as they have to be clear and open about their data collection methods. This creates a valuable opportunity for companies to rebuild trust with their consumers.
What is personal data?
According to the legislation, personal data is any information relating to a person, such as a name, a photo, an email address, bank details, location details, medical information, or a computer's IP address.
What effect will the regulation have on businesses?
This act will have big implications for businesses, as the duty of complying with the regulation falls on businesses and organizations. As mentioned before, it applies to all businesses and organizations established in the EU regardless of whether the data processing takes place in the EU or not. Therefore, if your organization has a presence in the EU by storing or processing personal information about citizens located in the European Union, it will have to comply with the act even if the organization itself is located outside the EU.
What will happen if a company is non-compliant with the regulation?
If a company is found to be non-compliant or in breach of the regulation, it can be heavily fined. These fines can be up to 20 million euros or 4% of the company's global turnover, whichever is higher.