May 25th, 2018. Save the date, as that’s when, exactly one year from now, the new General Data Protection Regulation (GDPR) will come into effect.
Devised by the European Parliament, the Council of the European Union and the European Commission, the GDPR (EU Regulation 2016/679) will “enhance the data protection rights of individuals and improve business opportunities by facilitating the free flow of personal data in the digital single market” – and yes, it applies to soon-to-be-Brexited Brits.
In fact, it applies to any companies, government agencies, non-profits or other organisations that offer goods and services to people in the EU, or that collect and analyse data tied to EU residents, no matter where they’re located or how much EU data they currently have (or may acquire in the future).
What’s changing? A fair amount. Computer technology and the internet are almost unrecognisable compared to their counterparts of two decades ago, whereas regulations surrounding personal data have barely evolved in the same time.
The GDPR brings them more in line with current technologies and increases the uniformity of privacy regulations across the EU’s member states.
As per the official website of the Information Commissioner’s Office (ICO), the most significant addition is the accountability element, which requires that your organisation can show how it complies with the following principles regarding personal data:
Organisations are responsible for, and must be able to demonstrate, compliance with the above (abbreviated) principles. For the full list, click here.
The changes are significant and will require investment, but you won't be on your own for the next 12 months.
As a technology provider that deals with the personal data of individuals, we at Vuture are taking the GDPR seriously, and we’re keen to support our users on their own journeys to compliance.
Our goal is to streamline your journey using technology, innovation and close collaboration without taking away focus from your core business endeavours.
Through our cloud services and on-premises solutions, we’ll help you locate and catalogue the personal data in your systems, build a more secure environment, simplify the management and monitoring of personal data, and give you the tools and resources you need to ensure compliance with the key principles listed above.
The GDPR contains many requirements about how you collect, store and use personal information. This means not only how you identify and secure the personal data in your systems, but also how you accommodate new transparency requirements, how you detect and report personal data breaches, and how you train privacy personnel and employees.
Given how much is involved, the sooner you start preparations, the better.
Begin by reviewing your privacy and data management practices. Failure to comply with the GDPR may prove costly, as companies that don’t meet the requirements and obligations could face substantial fines and reputational harm.
We recommend that you start by focusing on these five key steps:
The goals of the GDPR are consistent with our long-standing commitment to security, privacy and transparency on a global scale.
Below are a few of the actions that we’ve already undertaken:
By Adam Deakin, May 2017