What does it mean for businesses?
The GDPR applies to any organisation that operates within the EU or with EU data. Failing to comply could lead to fines of up to €20m or 4% of your global annual turnover - whichever figure is larger. However, failing to comply is not simply a financial matter: it could also have a significant impact on your organisation's reputation.
Here’s an overview of some of your new responsibilities:
- Keep a record of data operations and activities
- Carry out a data privacy impact assessment (PIA) for systems and projects
- Consider if you will be required to designate a data protection officer (DPO)
- Notify the supervisory authority of a data breach
- Review data processing processes
- Implement “privacy by design” and “privacy by default”
When do you need to do it?
Businesses must be compliant with the GDPR by 25th May 2018. Once this date rolls around, there will be no room for interpretation of the legislation by member states, and all organisations that wish to trade with data within or with the EU must comply in order to reduce the risks to personal data throughout Europe and beyond.