
Get prepared for the GDPR.

If you do business anywhere in the world, there is a good chance your organization processes data about individuals in the context of selling goods or services to citizens of a European Union (EU) country. If so, you will need to comply with the General Data Protection Regulation (GDPR). What is the GDPR? It is a regulation intended to strengthen and unify data protection for individuals within the EU. It was approved and adopted by the EU Parliament in April 2016 and will come into force in May 2018.

The data it refers to includes any information related to a person that can be used to directly or indirectly identify that person. This can be anything from a name to an IP address, including:

  • a name,
  • a photo,
  • an email address,
  • bank details,
  • posts on social networking websites,
  • medical information,
  • a computer IP address.

The GDPR is being called the most important change in data privacy regulation in 20 years. It applies not only to organizations located within the EU but also to:

  • Those outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects;
  • All companies processing and holding the personal data of individuals residing in the European Union, regardless of the company’s location.

In the GDPR, conditions for consent have been strengthened and companies will no longer be able to use vague terms and conditions full of legalese. Consent must be:

  • “Clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language;”
  • As easy to withdraw consent as it is to give it;
  • Explicit for processing sensitive personal data – in this context, nothing short of “opt in” will suffice.

There is a tiered approach to fines, and organizations can be fined up to 4% of annual global turnover or 20 million EUR for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements, such as not having sufficient customer consent to process data or violating the core concepts. Less serious infringements carry a maximum fine of 10 million EUR. It is important to note that these rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement. There is also provision for class action and individual prosecution depending on the breach.

In addition to fines and penalties, there is also the cost of compliance to consider. As an example, if every EU visitor to an American theme park in the last few years requested deletion of their data, the company that owns the park could be forced to spend a fortune identifying all of those patrons, and the photos taken of them, on systems throughout the park, and deleting them.

As a general trend, the regulatory environment is becoming more complex and prescriptive. There is a growing recognition that data is an asset, and hence the focus on data will continue to rise. With just under six quarters until the regulation comes into force, time is critical and companies should start planning for the GDPR now.


Russell McGuire

Russell McGuire joined Riskonnect in January 2012 as director, enterprise risk services. Russell is a proven leader in the insurance and risk management field, with more than 25 years of experience. He was a member of the Technology Advisory Council of Risk and Insurance Management Society and served on the ERM Committee at RIMS for three years. Russell came to Riskonnect from Milliman, Inc., as a Senior Consultant and Product Manager, where he evaluated and designed Governance, Risk and Compliance (GRC) tools to support Enterprise Risk Management processes for clients. He worked with consultants in France, Germany, Italy, Holland and Great Britain. He developed ERM frameworks and provided consultation to clients on implementing ERM processes. He has also held positions at Alliance Data Systems, Risk Labs and Tillinghast-Towers Perrin.
