People today are talking a lot about issues of data privacy, integrity and GDPR. With all the data breaches that have made the news lately, it’s no wonder that there is so much concern. Data owners, data handlers and data processors all have a lot at stake in the changing international business landscape, and the responsibilities of these organizations are only increasing.
Data protection may feel like a 21st-century issue because the digitization of technology has changed the way we collect, analyze and distribute data. But the fact is that regulators have been paying close attention to this issue since at least the late 1970s. In fact, it was in 1980 that the Organization for Economic Co-operation and Development (OECD) first published its Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. This set of recommendations, endorsed by many European nations and the US, was established to help protect personal data and the fundamental human right of privacy. It set the stage for regulations to come.
In 1995, leaders in the European Union took the next step with the Data Protection Directive 95/46/EC in response to what they saw as an increase in the division of privacy regulations across the EU. This directive was an attempt to align data protection laws inside and outside of the EU and included a provision for transfer of personal data to countries outside the EU. It required that countries outside the EU provide levels of protection for the data comparable to protections within the EU.
Now, 22 years later, advances in technology and increasing sophistication by those attempting to hack or steal critical data mean it’s time for stronger protection. Business is more global than ever, with personal data moving across borders at a dizzying rate. That’s where the new General Data Protection Regulation (GDPR), set to take effect on May 25, 2018, comes in.
The GDPR gives EU citizens significant new rights over how their personal data is collected, processed and transferred by data controllers and processors. For this reason, organizations will need to implement very specific data protection safeguards and will be subject to fines that could range into the tens of millions of dollars for violations. Most importantly, the GDPR is a regulation and not a directive, so compliance is not optional. If your organization controls or processes personal data on citizens of the European Union, GDPR applies to you.
A few highlights of the GDPR include steeper financial penalties, stronger consent requirements, mandatory breach notification, consumer access to their personal data, the right to be forgotten or erased from a database, data portability and more. And because the GDPR applies to all companies processing the personal data of EU citizens, regardless of the company’s location, the territorial scope is greatly increased.
So how can you be sure you’re ready? Take some time to explore the resources on www.eugdpr.org, and if you haven’t already, start the conversation in your own organization. Then find a partner who can help you navigate this new regulation in the most efficient and productive way possible.
Or even better, let us show you how Viewpointe can be that partner. With almost two decades delivering superior information management and governance solutions, our services make it possible to manage data in a flexible manner and govern content so you are better prepared to provide outstanding service to your clients while meeting the requirements of the GDPR.