What is GDPR?
The EU General Data Protection Regulation is a risk-based regulation, with an objective to enhance and standardise the approach for the protection of personal data. The EU GDPR will come into effect on 25th May 2018, replacing the various existing Data Protection Acts present in EU member countries. It will affect all organisations involved in processing the data of EU citizens, whether they are operating in an EU member state or not.
What does it mean to me?
It means that organisations will need to carefully consider the data they process and how they can comply with the EU GDPR and its 6 principles. Compliance with current data protection law is not fully sufficient, as the requirements of the EU GDPR are new and enhanced to reflect the growing importance and rapid progression of data processing in recent times.
Non-compliance with the EU GDPR will be met with hefty financial penalties – in the case of a serious infringement, a penalty of up to €20,000,000 or 4% of annual global turnover, whichever is greater, could be applied. A company can also be fined 2% of annual global turnover or €10 million for not having their records in order or failing to notify the supervising authority and data subject about a breach.
How can I prepare?
It is in the best interests of all organisations to prepare for the EU GDPR sooner rather than later; however, there is at present no guaranteed way to certify EU GDPR compliance. To help organisations take the necessary initial steps, Certification Europe have developed a new Data Essentials service. Tailored to meet the EU GDPR requirements, Data Essentials is an easy way for organisations to gauge how their current data protection procedures measure against the EU GDPR obligations. Our Data Essentials framework covers the key requirements of the EU GDPR to assist you and your organisation toward achieving your compliance objectives. Data Essentials is a hassle-free, straightforward approach to EU GDPR compliance, perfect for companies of all sizes. Certification Europe is the first and only accredited certification body in Ireland to offer a service of this kind. To make your preparations for the EU GDPR run as smoothly as possible, contact us here.