We’re fully in the swing of European Cyber Security Month, and it comes as no surprise that one of the issues that has dominated enterprise this year is the theme for week two of the month-long awareness scheme. Governance, Privacy and Data Protection are at the forefront of everyone’s mind this year and the reason behind that is the impending arrival of the new EU General Data Protection Regulation (GDPR).
The aim of this week is to get you ready for compliance. You should use this week to uncover how to prepare your organisation for the new EU Directives and Regulations such as the GDPR.
Governance & Privacy
In this ever-connected world, risk management is more vital than it’s ever been. The sophistication and complexity of cyber threats means that every organisation should have a robust risk management strategy in place and without one you run the risk of a severe cyber security breach and/or a penalty from one of your regulators. This year has been particularly notable when it comes to companies failing to maintain their client’s privacy.
As you can see from our blog earlier this week, it isn’t tin pot operations that are getting caught out, the likes of Deloitte and Equifax are just two examples of companies who have failed to adequately protect their customers’ personal data. Conversely, it’s arguably a good thing that these breaches came to light this year as they are not yet under the jurisdiction of the GDPR. If these had of happened under GDPR rules, then these companies would have been liable for costs as much as €20 million or 4% of their global turnover.
In the case of Deloitte that could have meant a $1.5 billion fine. So, the consequences of GDPR are for all to see.
GDPR in place next year
The GDPR adopted in April 2016, will supersede the Data Protection Directive and will be enforceable starting on 25 May 2018. The European Parliament have adopted this new regulation which expands upon previous requirements for collecting, storing and sharing personal data.
This new rule requires the subjects consent to be given explicitly and not checked off by default. The European commission’s objectives with the new GDPR legislation include:
• The coordination of 27 national data protection regulations into one unified regulation
• The improvement of corporate data transfer rules outside the European Union
• The improvement of user control over personal identifying data. GDPR carries different connotations for different industries.
For example, the impact of GDPR is going to be different for corporate counsel than it would for say HR. However, we’ve created a list of solutions to help you with your GDPR project. For more information on our GDPR solutions, click here.