Wednesday, June 15th, 2016
5 Key Aspects – EU General Data Protection Regulation
With 81% of large organisations having suffered a security breach in the last year, data protection is becoming more and more important for every business. The new General Data Protection Regulation (EU GDPR), adopted in April 2016 and applying from 25 May 2018, brings a more stringent set of rules for all businesses operating in the EU and a greater degree of data protection harmonisation, since it is a regulation that applies directly in every member state rather than a directive each state transposes in its own way. Although many organisations are aware of the existing Data Protection Directive, we are seeing very immature readiness when it comes to actually implementing data protection security measures. The GDPR introduces or tightens matters such as data subject consent, data anonymisation, breach notification, trans-border data transfers, and the appointment of data protection officers, which means that organisations handling personal data will have no choice but to reform. What are your compliance requirements? We’ve put together 5 key things you need to know about the new General Data Protection Regulation.
1. The appointment of a data protection officer (DPO) will be mandatory for certain companies
The General Data Protection Regulation (Article 37) makes the appointment of a Data Protection Officer mandatory for the following entities:
a) public authorities and bodies
b) organisations whose core activities involve regular and systematic monitoring of data subjects on a large scale
c) organisations whose core activities involve large-scale processing of special categories of data (such as health, biometric or genetic data) or of data relating to criminal convictions and offences.
Note that the 250-employee threshold found in earlier drafts of the regulation did not survive into the adopted text: the obligation is triggered by what an organisation does with personal data, not by its headcount.
Moreover, the new regulation states that “the data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices.”
2. New data breach notification requirements
The data controller has to notify a personal data breach to the supervisory authority without undue delay and, where feasible, no later than 72 hours after having become aware of it. The only exception is where the controller can demonstrate that the breach is unlikely to result in a risk to the rights and freedoms of the data subjects in question. Where the breach is likely to result in a high risk, the affected data subjects must also be informed without undue delay. Failing to comply with the breach notification requirement can bring sanctions of up to €10m or 2% of the organisation’s annual worldwide turnover, whichever is higher; infringements of the regulation’s core principles and of data subjects’ rights fall into the higher tier of up to €20m or 4%.
3. Mandatory data protection impact assessments
Data controllers will be required to conduct a data protection impact assessment (DPIA, often still called a privacy impact assessment) before starting any processing that is likely to result in a high risk to data subjects, in particular processing that uses new technologies, large-scale profiling or large-scale processing of special categories of data. The assessment documents the processing, analyses the risks involved and sets out the measures that minimise those risks to data subjects. The risk assessment and treatment process of ISO/IEC 27001 gives data controllers a proven method for identifying and mitigating the security risks that a DPIA must address.
4. One-Stop-Shop
The regulation establishes a one-stop-shop for businesses: an organisation carrying out cross-border processing will deal with a single lead supervisory authority, that of its main establishment in the EU, as opposed to one for each of the EU’s 28 member states. The lead authority cooperates with the other authorities concerned, but the business has one primary point of contact. This is intended to provide faster and more cost-effective ways for companies to do business in the European Union, contributing to the growth of the digital economy.
5. ISO/IEC 27001 can help address the challenges
Businesses of any size must have a framework in place to manage information security risks and comply with the new regulation, to avoid large fines and damage to their brand and reputation. The framework provided by ISO/IEC 27001 is one of the most effective ways to demonstrate the “appropriate technical and organisational measures” for security of processing that the regulation demands. Businesses can either adopt a system that follows ISO/IEC 27001 best practices or become ISO/IEC 27001 certified. Either way, by doing so they are one step closer to regulatory compliance, bearing in mind that certification covers the security side of the regulation and must be complemented by work on lawful basis, consent, data subject rights and the other non-security obligations.
How ready are you for the new EU General Data Protection Regulation? Book your FREE 1 hour assessment today by following this link: https://www.smarttech.ie/compliance-governance/eu-general-data-protection-regulation-compliance/