COMPLY WITH GDPR
New European law about data privacy
Are you ready for GDPR?
The General Data Protection Regulation (GDPR) is the new legislation that regulates the use and treatment of personal data at European level, in order to strengthen the protection of citizens’ privacy. The law supersedes the current decrees of individual countries and will be valid for all the Member States of the European Community. The GDPR introduces new rules that require enterprises to adopt specific security measures to protect the sensitive data of individuals, and severe sanctions for violations of the obligations imposed. Companies should therefore align with the new privacy standards and invest in adopting the processes and information tools needed to respect the new regulation, together with insurance policies to cover possible damages.
The deadline to comply with GDPR is 18 May 2018: by this date companies must adopt procedures and technologies that, as well as ensuring respect of the law, will help improve security and business continuity. In addition, the new law introduces the obligation to notify data breaches to the competent Authority within the established times.
GDPR – Sanctions for non-compliance
Don’t forget the severe penalties for companies that do not respect the new obligations, with fines of up to 20 million euros or corresponding to 4% of total turnover. Penalties will hit those who do not comply with the regulation within the given deadline or, despite compliance, where shortcomings emerge after data violations.
How to comply with GDPR?
The new privacy legislation compels firms to change their structure at a deep level, changing their processes and organization in order to process and handle all sensitive data according to the right security rules and with total transparency. GDPR involves not only technical implementations but also organizational changes. Among them is the obligation for companies to nominate a Data Protection Officer (DPO). The DPO will be responsible for data protection in the company and will have to verify the application of data privacy regulations.
Time to comply with GDPR is short: just 27% of Italian enterprises know the new obligations about data protection and just 9% are running projects to align with them. Criticalcase, in collaboration with a company of the Group specialized in security solutions, provides a tailor-made service to help firms comply with the new law, preventing GDPR from becoming a cost and transforming it into an opportunity to protect data and develop business. Ask for more information about GDPR.