SQEMARINE consulting firm advised on the upcoming General Data Protection Regulation (GDPR) which requires compliance from all organizations providing services or handling data related to EU citizens, even if the organizations are not located in EU.
GDPR was adopted on 8 April 2016 and replaces the EU Data Protection Directive. The Regulation will be applicable to all EU Member States and will come into force on 25 May 2018.
Goals of GDPR
The Regulation updates the current legislation as a result of digitalization and technological developments and increases harmonization in standards between EU member states. It aims to protect individuals from unauthorized use of their personal information from companies and to be easy for data controllers around the world to follow.
Consequences of not complying with GDPR
If a company does not comply with the Regulation, there will be significant fines, reaching the 2% of its annual revenue or €10million and for more serious breaches the fines can be as high as 4% of company’s annual revenue or €20million.
Actions required
In order to comply with the General Data Protection Regulation, companies should:
- Ensure that consent has been obtained on handling personal data, and that it can be proven.
- Conduct a Data Protection Impact Assessment to identify the most effective way to comply with data protection obligations and individuals’ expectations.
- Identify and notify their supervising Data Protection Authority
- Maintain records of processing activities.
- Appoint or hire a Data Protection Officer (DPO), who will supervise compliance and data protection strategies.
- Prepare to report data breaches within 72 hours.
The above can be implemented with an effective and updated Cyber Security Management Plan, for both data protection and protection against cyber attacks.
Explore more herebelow: