From 25 May 2018, the EU GDPR (General Data Protection Regulation) will affect every organisation that processes the personal information of EU residents.
With less than two years to go, tens of thousands of organisations around the world are facing a major upheaval in the way they process data. Here are 7 things hidden within the 261 pages of the GDPR that you need to be aware of:
- Breached organisations can expect fines of up to 4% of annual global turnover or €20 million – whichever is greater. Note that this refers to turnover, not profit.
- If your business is not in the EU, but you sell to EU customers, you will still have to comply with the Regulation.
- You will need parental consent to process the data of under 16s.
- It will be mandatory to appoint a DPO (data protection officer) for certain companies, including public authorities and large-scale data processing firms.
- Data controllers will be required to conduct privacy impact assessments where privacy breach risks are high.
- Data controllers will be required to report data breaches within 72 hours.
- Data subjects have the “right to be forgotten”.
Getting ready to comply with the GDPR
We advise you to start sooner rather than later. Don’t underestimate the length of time it will take to dismantle, recreate, adjust and amend your current data protection system. Remember, you need to be compliant by 25 May 2018.
Start by reading EU GDPR: A Pocket Guide. This simplifies the GDPR’s 261 pages of legalese into a handy guide to give you a better understanding of the requirements. Better still, it uses business terms rather than technological jargon, making it extremely easy to read.
After gaining a basic overview, consider attending a Foundation and/or Practitioner course to gain a better understanding of how the GDPR will impact your business and how you can go about implementing it in your organisation. Many organisations will be required to appoint a DPO and practitioner training will give you that “expert knowledge of data protection law and practices” that the Regulation requires.
When you implement the GDPR, you will need to produce compliant documentation. The EU GDPR Documentation Toolkit will provide you with all the critical documents your organisation will need, including documents covering data protection policy, DPO requirements, privacy impact assessments, incident response and breach reporting.
IT Governance is here to help
We understand many businesses don’t know where to begin with this stringent Regulation, which is why we’re available to help your organisation meet the requirements of the GDPR.