Companies throughout the European Union (EU) and beyond are preparing for the arrival of the General Data Protection Regulation (GDPR), a substantial increase in regulations around data privacy that will make landfall on 25 May 2018.
In short, the GDPR updates and harmonizes a patchwork of data privacy laws across Member States with a single comprehensive regulation that applies uniformly throughout the EU. The GDPR strengthens individuals’ data privacy rights and protections for processing their personal data. And these changes are not merely cosmetic; the regulation impacts every stage of the data lifecycle, from collection to deletion.
Companies need to reassess their data processes and permissions: defining who should have access to data and why; redrafting disclosure statements, consent forms and privacy notices; setting up notification procedures for data breaches; introducing new processes that enable individuals to exercise their data privacy rights; and more.
And it doesn’t stop there, because the new regulation also has extraterritorial reach. Companies that process the personal data of EU residents are equally subject to the GDPR’s requirements regardless of where in the world they are located.
Ensuring compliance will require substantial changes, but the consequences of non-compliance are serious: GDPR violations can incur fines of up to €20m or 4% of global annual turnover!
We at Datafisher have provided both tailored and off-the-shelf online training for some of the largest as well as medium-sized companies in the Nordics. Tens of thousands have been trained and tens of thousands more will be trained before the end of May. An investment starting from less than a euro per person in Data Privacy/GDPR training for your personnel will pay off substantially by keeping your company compliant. It’s not too late!
Compliance Business Manager, Datafisher Oy
The blog was originally published on Datafisher’s website on April 4, 2018.