What is GDPR and How will it Impact Businesses?
Let’s talk about an imminent, far-reaching event for all European citizens. Take it easy and breathe: it has nothing to do with the UK or French elections.
Any sector, any size, any business is going to be impacted by this 4-letter acronym: G. D. P. R.
You’ve never heard about it? Be sure you will. But before revealing the meaning of GDPR, let’s do some fact checking.
Brussels, 25 January 2012 – The European Commission has today proposed a comprehensive reform of the EU’s 1995 data protection rules to strengthen online privacy rights and boost Europe’s digital economy. Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement.
Taken from http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en
You got it? Yes. The General Data Protection Regulation is all about Personal DATA, privacy and security within the business. After studying the entire Data Protection Directive, I’ve selected some…
- EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens.
- Independent national data protection authorities will be strengthened so they can better enforce the EU rules at home. They will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2% of the global annual turnover of a company.
- People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services.
- A ‘right to be forgotten’ will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it.
How do you gather, store, and use personal information from your customers, your partners and also your workforce? This covers not only how you identify and secure the personal data in your IT systems, but also how you accommodate new transparency requirements, how you detect and report personal data breaches, and how you train people on privacy on both sides, personal and professional.
In May 2018, GDPR law is due to take effect
… and you should not wait until the regulation takes effect to prepare. Start reviewing your privacy and data management practices now. Regardless of the vertical your company is in, these rules must be applied to avoid penalties of up to €1 million.
This will require big changes and significant investments by organizations that operate in Europe. Many global IT players have already anticipated this bonanza. One of them: Microsoft.
Since it is all about data and privacy, and since these rules must apply to ALL of us, one of the focal points resides in… the Workplace. May I advise you to consider the duo Enterprise Mobility + Security coupled with Windows 10 as the lethal weapon to comply with GDPR. How to implement it? That’s another story.
Need some help satisfying the imminent GDPR rules? Feel free to contact Sogeti.
About Sogeti Labs
SogetiLabs gathers distinguished technology leaders from around the Sogeti world. It is an initiative explaining not how IT works, but what IT means for business.
Very good article with some good actionable advice.
I just want to correct the potential fine you could face. Below is a small quote from Article 83 of the GDPR:
“5. Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher”
So don’t take this too lightly…