GDPR IS COMING, BUT WHAT IS IT?
Coming into force on 25th May 2018, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objective of the GDPR is to give citizens back control of their personal data, including the right to be forgotten.
It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.
To whom does the GDPR apply?
‘Controllers’ and ‘processors’ of data need to abide by the GDPR. A data controller determines how and why personal data is processed, while a processor is the party that carries out the actual processing of that data. So the controller could be any organisation, from a profit-seeking company to a charity or government body, and a processor could be an IT company performing the actual data processing on its behalf.
Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU citizens.
What are the sanctions?
The following sanctions can be imposed:
- a written warning in cases of first-time and non-intentional non-compliance
- regular periodic data protection audits
- a fine of up to 10,000,000 EUR or up to 2% of the annual worldwide turnover of the preceding financial year in the case of an enterprise, whichever is greater.
- a fine of up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in the case of an enterprise, whichever is greater.
How can ilicomm help your organisation get ready for GDPR?
COMPLIANT / PROTECT / PREVENT.
We are specialists offering expert advice and services as an independent cyber security business.