General Data Protection Regulation published in the Official Journal

Spotlight
15 June 2016

On 4 May 2016 the General Data Protection Regulation ("GDPR") was published in the Official Journal of the European Union. The new Regulation will dramatically change the processing of personal data in your company as of 25 May 2018.

What will change with the Regulation?

The Regulation will replace the existing Privacy Directive (Directive 95/46/EC) and will substantially change the legislative framework for data protection.

Some of the new features provided for in the Regulation are:

  • extraterritorial effect for non-EU companies offering goods or services in the EU;
  • a strong emphasis on the accountability of companies that process personal data;
  • independent obligations for processors of personal data;
  • enhanced rights for data subjects: the right to be forgotten, the right to data portability, etc.;
  • the obligation to notify data breaches;
  • the obligation to appoint a data protection officer in certain cases;
  • introduction of the principles of privacy by design and by default;
  • etc.

Last but not least, the Regulation allows violations of the new rules to be penalised with huge fines of up to 4% of the global annual turnover of the infringing undertaking.

When does the Regulation enter into force?

The Regulation was published in the Official Journal of the European Union on 4 May 2016, and it entered into force on 24 May 2016. The Regulation will be applicable as of 25 May 2018, giving companies two years to make sure they comply with the Regulation.


What do you need to do as an undertaking?

Undertakings need to conduct a gap analysis as soon as possible to assess their data protection programmes. This not only involves mapping all the company's data, but also mapping all channels through which the company communicates with a data subject (privacy policies, website, contracts, newsletters, e-commerce tools, etc.) and all the company's internal procedures (such as data breach policies). Once that analysis is completed, measures can be identified which will allow the company to comply with the Regulation by 2018.