Build the right GDPR programme for your business
Supporting your organisation at every stage of the GDPR compliance journey
What is GDPR?
The General Data Protection Regulation is a new privacy regulation across the European Union.
It gives individuals more control over their personal data, ensures transparency about how data is used, and requires security and controls to protect data. When the GDPR takes effect, it will replace the Data Protection Directive (officially Directive 95/46/EC) established back in 1995. The regulation was adopted on 27 April 2016 and becomes enforceable from 25 May 2018.
The penalties for failing to comply with GDPR are severe:
A percentage of annual global turnover, or a fixed amount in millions of euros.
GDPR contains requirements about how you collect, store and use personal information:
Identifying and securing the personal data in your systems
Accommodating new transparency requirements
Detecting and reporting personal data breaches
Training privacy personnel and employees
Since the adoption of the initial directive, the world's landscape has changed immensely. The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.
A percentage of organizations will struggle to meet EU GDPR regulations by the deadline*
* The finding is from an independent Vanson Bourne survey
Who should be concerned about GDPR?
Compliance with GDPR is required of any organization (including those outside the EU) that holds or processes data from EU residents. It replaces the Data Protection Directive (DPD) 95/46/EC to become the single, all-encompassing privacy protection regulation in the EU.
GDPR also states that the responsibility for privacy protection lies with any company that stores, collects, manages and analyzes any form of Personally Identifiable Information (PII).
Don’t wait until it’s too late
Given how much is involved, you should not wait until the regulation takes effect in May 2018 to prepare. You need to begin reviewing your privacy and data management practices now. Failure to comply with the GDPR could prove costly, as companies that do not meet the requirements and obligations could face substantial fines and reputational harm.