As a new global privacy regulation is about to impact businesses worldwide, now is the time to become informed and get prepared for the European Union’s (EU) General Data Protection Regulation (GDPR). With personal data at risk, these changes come as an opportunity to turn GDPR into an advantage. Every business process that collects, uses and manages personal data presents an opportunity to reconsider risk management, introduce operational efficiencies, and better protect at-risk assets.
The European General Data Protection Regulation (GDPR) will come into force on 25 May 2018. It aims to standardise and strengthen the right of European citizens to data privacy by emphasising transparency, security and accountability by data controllers.
While many of the themes, high level requirements and language of the GDPR are not vastly different from existing data protection legislation, the GDPR imposes new obligations and stricter requirements on in-scope organisations. The GDPR also includes provisions to impose administrative fines of up to €20 million or up to 4 percent of global turnover (whichever is higher) for certain infringements. If an organisation processes the personal data of people in the EU, or is a data controller or processor established in the EU, the GDPR will apply.