General Data Protection Regulation
The General Data Protection Regulation came into force on May 25, 2018.
What is the goal of the General Data Protection Regulation (GDPR)?
The GDPR is based on the fundamental right of data privacy and personal data protection. It is focused on providing better protection to all residents of the European Union by harmonising the protection of personal data in all 28 Member States. By strengthening the legal framework for the use of individuals' data, this regulation aims to boost consumer confidence in new technologies and enable the better development of the digital economy.
Who will the GDPR affect?
The scope of the GDPR, defined in Articles 2 (Material scope) and 3 (Territorial scope), is much broader than that of Directive 95/46/EC, which was implemented in October 1998. The Regulation introduces the rule of extraterritorial application of European law, and subcontractors are now directly affected by the regulation.
Previously, adherence to the guidance provided by the Directive was not mandatory, and each EU member state could implement it as it saw fit. The Regulation, however, applies a standard requirement to all impacted parties, regardless of location, provided that the data in question is directly related to EU residents.
The GDPR will require individuals to:
Create the role of a Data Protection Officer, responsible for managing the data protection system
Define data collection, data processing, storage, transfer and deletion processes
Create a data breach notification process
Obtain explicit consent from the client when collecting data
Strengthen a person's right to access their data and their right to be removed
Increase awareness and conduct training on data protection for any person involved in handling personal data.
GDPR non-compliance consequences
Sanctions can be:
In the case of a minor breach: a simple reminder.
In the case of a more serious breach: an administrative fine. This administrative fine can reach up to 4% of a company's turnover, thus requiring constant alertness in the processing of personal data.
The fine will take into account the nature, seriousness and duration of the infringement as well as the intentional nature of the breach and any other mitigating circumstances.
In addition to the financial penalties, there is the risk of harming the company’s image with its clients.
How ready are you for GDPR?
Use our diagnosis tool for a high-level review of your data protection practices and an assessment of your level of compliance with the GDPR.
This tool covers the 12 key themes of the GDPR regulation:
Governance and Policy
Privacy by design/Privacy by default
Storage and deletion of data
Security and Incident Management
Data protection impact analysis
BCR/Internal business rules
Sia Partners Expertise
Our experts can help you achieve GDPR compliance using our 4-step approach:
Identification of processes and transfers
Understand where data is collected and where processes are located
Analysis of the existing data protection system
Understand the existing means of controlling data protection risks
Regulatory Gap Analysis
Evaluate your level of maturity and develop an awareness of what still needs to be done
Definition of a roadmap
Define the major projects to be carried out (including the workload), taking into account the company's strategy and its current level of maturity
Launch of GDPR Compliance Project
Define the project plan and structure for GDPR compliance
Having globally assisted and advised both Tier 1 international banks and multinational organisations on a wide range of GDPR projects, Sia Partners is well positioned to support you in your compliance with the GDPR.