It’s less than a year and half to go now before the EU-crafted General Data Protection Regulation (GDPR) comes into force and it’s set to be a game changer for individuals and organizations alike. Organizations in particular need to develop a systematic framework to comply with it and create a privacy strategy – a journey which begins with a thorough assessment of existing policies, processes, and security measures to identify gaps and complete the implementation of remediation measures in a phased rollout by May 2018.
Regulation does not only include organizations based in the EU but also those that process the personal data of EU citizens and are based outside of Europe. To help clarify the key features that every organization needs to know about GDPR, TCS has created a white paper which assesses the operational impact of eight different aspects that the regulation brings.
The rights of the individual
Among other things, from the perspective of the individual, organizations need to be aware that the consent given by him or her is freely given and that they retain the rights to be informed, object to usage of their data and the right to erasure.
Organizations must also be accountable in all instances not only ensuring compliance with the new regulation but also readiness to demonstrate all levels of compliance with the authorities. This means among other things the appointment of Data Privacy Officer as well as ensuring privacy control measures are implemented throughout the data lifecycle of new projects and systems. Not only this, but data protection officers (DPOs) must be there to assess the impact of data processing where high risk to the individuals is involved and report breaches in timely fashion to a supervisory authority as well as recommending remedial action.
Updating the outdated
The GDPR is not without teeth. For those organizations found to be in breach of the regulation, penalties are as great as 2-4% of their global turnover or 20 million EUROs, whichever is higher. The GDPR is the culmination of many years of work and a positive step in the creation of a unified regulation that modernizes and replaces the outdated Data Protection directive 95/45EC. Digitization has changed everything and the authorities have acknowledged the fact. For a closer look at the paper, click here.