Countdown to compliance deadline has started!
There are 133 days between now and the day on which the General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. The GDPR will apply not only to businesses headquartered in the EU, but also to any business that processes or controls the personal data of, or sells goods and services to, EU citizens.
Blockchain, GDPR, Privacy by design: are these terms familiar? If not, it is time to act!
The European Union’s data protection laws have long been considered the cream of the crop all over the world. When the General Data Protection Regulation takes effect on May 25, 2018, the EU’s data protection laws will be both strengthened and broadened in scope. The origin of these new laws can be traced from the OECD’s first Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, created in 1980, all the way up to the collapse of the ‘Safe Harbor Agreement’ on October 6, 2015, reaffirming that privacy really is a fundamental human right.
What does that mean for you?
So how do we best adapt to this change/requirement to participate in the economy of our digital age? There are two ways businesses will respond or prepare for a future in which the GDPR is present: privacy by design or privacy by default.
Businesses affected by this legislation can either build the personal data privacy of their customers into their framework or mistakenly allow it to be an afterthought. Both of these are important to consider given that the fine for non-compliance is the greater of €20 million or 4% of global annual turnover. Not only that, but the GDPR is a binding legislative act, unlike Directive 95/46/EC, which set out a goal for all countries to achieve and allowed those countries to decide how they would do so.
Privacy by design is the approach capable of preventing the consequences of non-compliance altogether and building trust amongst EU customers. This will require business leaders to become familiar with the GDPR’s requirements and carry out the necessary steps to become compliant. A few of those steps are appointing a Data Protection Officer (DPO), preparing to obtain consent from data subjects, and being transparent about how your business plans to use data subject information. The official website of the GDPR can be a resource for those who wish to better understand the requirements.
Co-authored, edited and prepared with Ashlyn Vogelsang.