Exactly one year from today, the General Data Protection Regulation (GDPR) will come into force. With each passing day, the time-frame in which to reach compliance shrinks.
We've created a guide of 10 key GDPR considerations that will help businesses understand the forthcoming changes and better prepare for compliance.
At the time of writing, there is one year to go until the GDPR overhauls all existing data protection laws across the EU in favour of a pan-European framework. Thankfully, there is still time to achieve compliance.
Why Should I Comply?
The purpose of the GDPR is to improve consumer confidence in organisations that hold and process information, by improving businesses’ data handling, information security, and compliance processes.
Failure to meet the compliance guidelines will have severe consequences, attracting fines of up to 4% of annual global revenue or €20 million, whichever is the greater.
With the severe monetary threat that the GDPR poses, it has never been more important for organisations to start readying themselves for the regulation change.
In short, it is no longer a question of why should I comply – but how do I comply?
How Do I Comply?
Fortunately, it's unlikely that organisations will be starting from scratch. The existing Data Protection Act 1998 (DPA) incorporates many principles similar to those expressed within the GDPR, but there are a number of new requirements that organisations will have to comply with.
These key areas include, but are not limited to, the declaration of data breaches, the protection of personal data for children, and the appointment of a designated data protection officer.
All the necessary information, including the full list of additions and enhancements and a comparative look at the GDPR vs the DPA, can be found within our guide [10 Key Considerations for GDPR Compliance – a Guide for Businesses], which is free to download.
The Brexit Question
There has been a lot of speculation as to the fate of GDPR in the UK after the Brexit vote.
To clarify, the UK aims to cease being an EU member on 29 March 2019. UK-based organisations will therefore face a 10-month period of compliance enforced by the EU itself. However, the terms of the GDPR will pass into UK law unless the government specifically repeals them, and since it was the UK's Information Commissioner's Office that took a lead in defining the GDPR, the UK Government, as it stands, supports its core principles.
More Than ‘Just an IT Issue’
It's easy to dismiss the GDPR as simply an IT issue. Technology plays a key role in managing data privacy, but in reality an organisation's biggest security vulnerability is its employees.
To become compliant under the GDPR, and to avoid data breaches and other forms of data mishandling, it's imperative that every employee, including key decision makers, understands the steps required to become GDPR ready.
10 Key Considerations for GDPR Compliance
To help organisations gear up for GDPR, we have created: [10 Key Considerations for GDPR Compliance – a Guide for Businesses]. This free guide will better prepare your organisation for the changes the GDPR will introduce, help strengthen your data handling and information security practices, and help you avoid significant fines and penalties.
To learn more about the GDPR and why you need to ensure that your organisation is ready for the change, download our guide, find out more about our GDPR workshops or join us for a GDPR breakfast seminar on 16th June.