The European Commission first proposed changes to the EU Data Protection law in early 2012. Following years of debate the proposal has now been finalised with the General Data Protection Regulation (GDPR) coming into force in May 2018. This will have a dramatic impact on EU privacy and data protection in a number of crucial areas as the GDPR poses new regulations on any company that handles the data of EU citizens, no matter where the business is located.
Once the new regulation is implemented it could have a significant impact on your business and for those that fail to comply and do not protect their customer data, could incur a significant fine of up to €20m or 4% of total worldwide annual turnover. It will also present tighter requirements for obtaining consent to the processing of personal data as well as legal obligations, data breach reporting and data protection rights for individuals.
Recent research from leading global Data Privacy Management (DPM) company, TRUSTe, looked into how aware businesses are of the GDPR and the preparations they’re making. Alarmingly, only half of those asked said they were aware of the changes. The study, titled ‘Preparing for the EU General Data Protection Regulation: Assessing Awareness, Readiness & Impact of the Proposed Changes in the U.S., UK, France & Germany’, looks into company attitudes towards the GDPR and just how ready these organisations are in their own procedures around data protection.
The study asked 202 data privacy experts about the pending change to data protection regulation and of those who said they were aware, 73 per cent admitted that it was the biggest change in data protection regulation in over 20 years. Furthermore, 65 per cent of those that said they were aware of the changes said that they had already started making preparations with how they handled the data they hold.
Whilst it’s reassuring to see these organisations already making preparations and an additional 83 per cent already allocating a budget, this research has highlighted an inconsistency of awareness amongst businesses. On one hand we have a small informed group of companies already making preparations but on the other hand, 50 per cent of companies aren’t aware of the pending changes at all.
It is essential that these companies take their heads out of the sand and, with just under two years to potentially re-think your entire data protection procedures, it is important to begin planning as soon as possible. This will ensure that all key people in your organisation are up-to-date on all procedures and remain compliant with the new rules going forward.
The new law could have significant implications for your business and mean that your company needs to put new procedures in place to address the GDPR’s new transparency and individuals’ rights provisions. For larger companies in particular this could pose significant budgetary, personnel, governance and IT challenges.
Nevertheless, no matter the size of the business, there are a number of steps you can take to ensure you are prepared for the GDPR.
About the author: Paul Evans is Managing Director at Redstor a global provider of data protection and cloud services.