With the EU’s General Data Protection Regulation (GDPR) to be enforced in just over a year, organizations need to learn what they must do to achieve compliance. Most large organizations’ preparations are already underway, but smaller ones should also be taking the appropriate steps now.
With that in mind, we’ve gathered some key information to help you get to know the GDPR:
Top-level changes under the GDPR that will affect how you handle data
- Even if your business is not in the EU, you will still have to comply with the Regulation if you handle EU residents’ personal data.
- The definition of ‘personal data’ is now broader, encompassing factors such as an individual’s mental, economic, cultural, and social identity.
- You must obtain clear and affirmative consent to process personal data, and parental consent will be necessary to process children’s data.
- A data protection officer (DPO) will be mandatory for certain companies.
- You must perform a data protection impact assessment (DPIA) before undertaking high-risk data processing activities.
- Data subjects have the ‘right to be forgotten’.
Increased penalties under the GDPR
Under the GDPR, penalties could be as high as €20 million (approximately $21.5 million) or 4% of the company’s annual global turnover – whichever is greater. For many businesses, this will mean that the threat of insolvency or even closure as a result of penalties will soon be very real.
How to report data breaches under the GDPR
Once the GDPR comes into effect next May, organizations will have to report data breaches to the national regulator within 72 hours of discovery. US organizations will need to designate a representative in the EU, and the data protection authority of the country in which that representative is based will be the relevant supervisory authority.
Breach reports must explain what happened, what you’ve done about it, and how data subjects will be affected. If data subjects’ rights are likely to be threatened, you will also have to inform the data subjects themselves that their rights have been compromised and of the risks this creates for them.
Getting to know the GDPR
As we’ve discussed, the GDPR will likely bring significant changes to the way you manage data in your organization. Now you can develop your understanding of how the Regulation will affect US companies with our current book of the month, EU GDPR & EU-US Privacy Shield – A Pocket Guide.
The book lays out the terms and definitions used within the GDPR and the EU-US Privacy Shield in simple terms, the key requirements that your organization needs to know about, and advice on how to comply with the Regulation.
If you buy before the end of April, you’ll save 10%.