GDPR is coming soon to a project near you, and this article will help you be better prepared. Introduced in April 2016, the General Data Protection Regulation (GDPR) will have a major impact on businesses worldwide.
Although the GDPR was introduced by the EU two years ago, it becomes enforceable on May 25, 2018, and most businesses are terribly ill-prepared.
Even companies that are not based in the EU are likely to be affected. If your company processes the personal data of EU citizens or residents, GDPR applies to you, regardless of your location. As a result, almost all major corporations, businesses, and media groups are affected.
Everything we do, whether in our personal or professional lives, revolves around data, and the stated goal of the GDPR is to give citizens control of their data and personal information.
It prescribes how personal data should be processed, stored, transferred, and so on. It is based on pre-existing legislation in several EU countries and has been designed to streamline data protection across Europe.
Preparing for GDPR
The main problem that many companies face with GDPR is that, although it requires that consumer data be reasonably protected, it does not define specifically what the term “reasonable” means. The data in question may include identity data, health records, web information, biometric data, race and sexuality, and political opinions.
Know your business, know your role
Large companies will have to reserve more time to implement the GDPR than the smaller ones. In particular, companies need to determine what role they fulfill under the GDPR – whether the company is a data controller or a data processor.
A controller is an individual or entity who decides how the data will be used and for what purpose, while a processor is a person or entity responsible for the processing (adaptation, registration, retention or obtaining) of personal data.
Initially, preparing for GDPR takes less time for companies that act as processors, because they only process the data on behalf of the controller, and the controller is primarily responsible for personal data issues. However, the processor shares the controller’s responsibility for how the data was processed.
For example, in a case of data leak or fraud, the processor will be liable if the data was processed in a way that does not adhere to GDPR, but the controller will be responsible for the case itself, having delegated the data to a non-compliant processor.
Are you ready for the GDPR?
The cost of implementing GDPR depends on the size of your business and the complexity of your internal system. For example, if you already have team members who have technical expertise, you probably will not need to hire new staff.
A major requirement of the GDPR is the appointment of a data protection officer. This does not need to be a new hire; it can be an existing employee with enough expertise to manage the data.
The implementation will cost more for large companies. According to a PwC survey, 68% of US-based companies expect to spend between $1 million and $10 million on GDPR. The actual cost will depend mainly on your pre-existing systems and on the data you handle.
It should be remembered that there is currently no qualified certification agency for GDPR, although many companies offer such services. These certificates in no way guarantee compliance with the GDPR, and you must wait until May 25, 2018 before applying for such certificates.
If you are unable to fully implement GDPR, there will be consequences, but they will not occur immediately after May 25, 2018.
It is technically possible to forgo compliance with the GDPR (although I strongly recommend not doing so), but the GDPR also provides for an inspection process carried out by the European Commission.
If your business is undergoing an inspection and it does not comply with the GDPR, the penalties can be severe. Up to 20 million euros, or 4% of annual global income (whichever is greater), can be levied in case of non-compliance.
Your business will be much better off by implementing GDPR as soon as possible. Not only will this eliminate all possible legal ramifications, but it will make your business more attractive, because compliance is an exceptional asset for existing and potential customers in Europe, giving you a distinct advantage.
Do not be left behind. Failure to implement GDPR could have a catastrophic impact on your business. Make sure you implement the actions listed above, study the legislation and make sure that all aspects of your business are covered.
If you want to know more, you can read the list of FAQs from io technologies, and you can also consult the full text of the GDPR regulation here.
This may seem overwhelming, but implementing GDPR should not be too painful. Good luck!