Ensure GDPR Compliance
Within Your Organisation
EU General Data Protection Regulations
The EU General Data Protection Regulation (GDPR) will replace the current Data Protection Directive 95/46/EC with effect from its enforcement date, 25 May 2018, after which organisations found to be non-compliant will face hefty penalties. This extensive data privacy regulation was approved by the European Union in April 2016, after four years of negotiation, with the objective of unifying data privacy regulation across Europe and restructuring organisational approaches to data privacy across the region. GDPR applies to all companies, whether located inside or outside the European Union, that handle or hold personal data of data subjects located in the EU. It is important to note that GDPR applies to both controllers and processors; consequently, cloud services will not be exempt from GDPR enforcement.
How does GDPR affect your business?
The General Data Protection Regulation (GDPR) stands out from all existing regulations because of its breadth of client data protection. From conditions on cross-border data transfer to the need to implement, review, and update adequate technical and organisational measures to protect customer data, the GDPR introduces several new legislative requirements that will significantly impact the way businesses collect, manage, protect, and share both structured and unstructured data.
Unambiguous and Informed Consent: GDPR sets out stringent new requirements for obtaining consent from customers for the processing of their personal data. Under the new legislation, companies must make withdrawing consent as easy as giving it. Furthermore, consent must be explicit and well informed, with full transparency about the intended purpose and use of the data.
Data Protection by Design and Default: Up until now, businesses were required to take technical and organisational measures to protect personal data. With the implementation of the GDPR, however, companies will be required to demonstrate that these data protection measures are continuously reviewed and updated.
Data Protection Impact Assessment (DPIA):
DPIAs are used by organisations to identify, understand, and mitigate any risks that might arise when developing new solutions or undertaking new activities that involve the processing of customer data, such as data analytics and all data-driven applications, including BI, data warehouses, data lakes, and marketing applications. GDPR makes it mandatory for all organisations to conduct a DPIA and to consult with a data protection supervisory authority if the assessment shows an inherent risk.
Companies that show they value an individual's privacy (beyond mere legal compliance), that are transparent about how data is used, and that design and implement new and improved ways of managing customer data throughout its life cycle build deeper trust and retain more loyal customers.
Possible penalties for non-compliance
Organisations can be penalised up to 4% of annual global turnover or €20 million for breaching GDPR. This is the maximum penalty that can be imposed, reserved for the most serious infringements, such as:
- Not having sufficient customer consent to process data
- Violating the core of Privacy by Design concepts
Companies that commit the following infringements can be fined up to 2% of annual global turnover:
- Not having records in order (article 28)
- Failure to notify the relevant supervisory authority and the affected data subjects about a breach
- Failure to conduct a data protection impact assessment