Companies that fail to start planning to deal with the EU’s data protection requirements are in for a real shock when the General Data Protection Regulation (GDPR) comes into effect in 2018. The International Association of Information Technology Asset Managers along with PWC and other global companies are reiterating this warning to firms who have not yet begun their preparations for the GDPR.
Although it is an EU regulation, thousands of US firms currently doing business in Europe directly or online with European customers will need make provisions for these regulations. There are sweeping changes to how personal and corporate data is to be handled. These changes have far reaching implications for many aspects of US businesses, particularly in terms of how information security is addressed.
The International Association of IT Asset Managers (IAITAM) has identified the top five impacts the EU regulations will have on all organizations worldwide.
- Data Breaches
GDPR states that a personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The changes made in GDPR now mean breaches must be reported within 72 hours of the company becoming aware of the breach. Up until now, a data breach is typically only announced when word of the breach is leaked to the public or media.
- Data Protection Officer Requirements
GDPR requires all organisations who profile individuals to appoint a data protection officer. This means that some organisations who don’t already have a DPO will have to hire or contract one with expert knowledge of data protection law and practices and ability to fulfil its tasks.
- Consent Of Those Providing Data
The new GDPR regulation states the business must prove the data subjects consent to the processing of their data for specified purposes. This aspect of GDPR requires the active acceptance of the terms and conditions by the user.
- The Handling Of Europeans Data Outside Of Europe
GDPR states that any transfer of personal data to another country or an international organization may only take place if – subject to the provisions of the regulation – the conditions laid down are complied with by the controller or processor. So what this means is that any organization that works globally and handles personal information of EU citizens will be subject to the GDPR.
- The Possibility Of A Heavy Fine And Court Appearance
The potential for large fines is very possible for companies who break the rules under GDPR. The regulation will impose fines of up to €20 million or 4% of global annual turnover for a breach of international transfer provisions. It will also enforce fines of up to €10 million or 2% of global annual turnover for administrative and security breaches.
So with these five impacts outlined you can see the importance for preparations for GDPR to begin today. PWC have found that American multinationals that have not taken significant steps to prepare for GDPR are already behind their peers. It’s important now for American companies along with their European counterparts take GDPR seriously and implement a solution to help the manage their compliance with the regulation.
ViClarity, a global provider of RegTech solutions have developed a GDPR solution to enable organizations of any size prepare for the implementation of GDPR. The ViClarity solution breaks the GDPR regulation down to an automated workflow to enable organizations provide ongoing compliance once the implementation date arrives. The ViClarity GDPR Solution provides the following benefits:
- Prepares organisations for the May 2018 GDPR implementation date.
- Pre – Populated template mapped directly back to the GDPR regulations.
- Automated process for managing data protection, flagging areas of concern.
- Ongoing monitoring of risks, controls and actions in the area of data protection.
- Highly visual reports for comprehensive board reporting.
- Records a full audit trail of how data was gathered and collated.
For more information on the ViClarity GDPR Solution visit our dedicated GDPR page here