New privacy law is coming to Europe, with significant penalties for enterprises that do not comply with the regulation
The General Data Protection Regulation (GDPR) is the new legislation governing the use of data at European level, intended to strengthen the protection of citizens’ privacy. The law supersedes the current decrees of individual countries and will apply across the entire European Community. The GDPR introduces new rules that require enterprises to adopt specific security measures to protect individuals’ sensitive data, and severe sanctions in case of violation of the obligations imposed.
Companies should therefore align with the new privacy standards and invest in adopting the processes and appropriate information tools needed to comply with the new regulation, together with integrating insurance policies to cover possible damages.
What does GDPR consist of?
New elements of the legislation concern the obligations to maintain a register of processing activities and guarantee data security in the long term, to notify possible data breaches (unauthorized use of personal data), to introduce a dedicated figure responsible for privacy supervision (the Data Protection Officer), and to adopt a general approach inspired by “privacy by design”, meaning the design of a genuine corporate system aimed at protecting sensitive data with the support of appropriate computer tools.
The deadline to comply with the GDPR is 18 May 2018: companies have until next spring to adopt procedures and technologies that, as well as ensuring compliance with the law, will help improve security and business continuity. The GDPR imposes a new way of managing privacy compared to the past: it is no longer about formal obligations but about setting up a process and specific methods, analyzing risks and continuously managing the personal data processed, in full respect of individuals’ rights.
Don’t forget the severe penalties for companies that do not respect the new obligations, with fines of up to 20 million euros or 4% of total turnover. Penalties will hit those who do not comply with the regulation within the given deadline or, despite compliance, show shortcomings that emerge after data breaches.
Next week we will analyze the regulation step by step, in order to better understand the basic actions that companies should undertake to face these changes. Stay tuned!
Do you want to know more? Book a free consultation with our specialists!