
The General Data Protection Regulation (GDPR) will enter into force on 25th May 2018 as a replacement for the Data Protection Directive. GDPR is the most important change in data privacy regulation in 20 years, so we want to help make sure you are prepared.

GDPR is designed to protect and restructure the way organizations approach data privacy. The aim is to give control back to EU citizens, and protect them from privacy and data breaches in what is becoming an increasingly data-driven world. Many changes have been proposed since the old Data Protection Directive, and the key principles of GDPR will have a big impact on businesses; if organizations are non-compliant after its enforcement date, they could face heavy fines.

Beyond the fines, the reputational damage associated with a data protection breach could be just as detrimental. Your organization needs to be prepared to meet GDPR compliance requirements with robust compliance processes, policies and procedures. We’ve put together 5 key points we think businesses need to make note of about the GDPR:

  1. GDPR is a global data protection law - it applies to all companies worldwide that handle personal data of EU citizens.
  2. The GDPR states that organizations will need to prove valid consent for using personal data. Organizations will need to be able to explain exactly what personal information they are collecting, and how they are using it.
  3. Data Breach Notification requirement – Organizations will be required to notify the local data protection authority of a data breach within 72 hours of discovering it. Therefore, software and processes should be in place to enable early detection of issues.
  4. Right to be forgotten – the right to be forgotten allows EU citizens to have a data holder erase their personal data and cease any further distribution of their personal information.
  5. Penalties – Organizations in breach of GDPR could be fined up to 4% of annual turnover.

Off-the-shelf, automated solutions are key in supporting a risk-based approach to GDPR compliance. Sword Achiever can help track compliance against the standards you need to meet, including GDPR, ISO and PCI.

By Kate Passby at 20 Sep 2017, 09:38 AM
