The European Union (EU) adopted the General Data Protection Regulation or GDPR on April 2106 to keep personal data for EU citizens safe. In the wake of an increase in the number of malicious attacks that compromise businesses’ networks, it was high time government regulation stepped in to protect personal data.
The GDPR is not exactly a simple piece of legislation and the regulation needs some dissecting to grasp the far-reaching regulations. However, some of the key points include:
- Personal data rights
- Widens the definition of personal data
- Gives citizens the right to be forgotten
- Requires privacy by design
- Obtain consent to hold and process data
- Breach reporting
- Introduces a mandatory private impact assessment (PIA)
- Increased penalties for breaches that could be up to 4% of global turnover
The GDPR does not only apply to businesses in the EU. It also affects any company that handles personal data of those who live in the EU. So if you thought you were exempt because you are a business in the U.S. or Canada, think again. Your company will still have to comply with the new regulation.
Time is running out
The clock is ticking. The GDPR goes into effect in May 2018. Right now is the time to assess how your company handles personal data and how you can start following the regulation especially if you do business within the E.U. You will need to report breaches, understand how you manage personal data and make changes to information within a moment’s notice.
Check out this video for eight checklist items that will help you get ready for the GPDR.
If you have additional questions and need better clarification on what you need to do before the legislation goes into effect, download this whitepaper.