The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years!
The European Union’s General Data Protection Regulation (GDPR) came into force on May 25, 2018 and has been described as the most significant overhaul to data protection laws in a generation. The regulation applies to organizations worldwide that offer goods or services to individuals in the EU, and the penalties for non-compliance are severe. In replacing the outdated 1995 Data Protection Directive, GDPR recognizes the impact that the Internet and other new technologies have had on the data we hold and how we share it. The European Union is forcing companies to view this as an opportunity to develop and implement data governance, protection and privacy in line with consumer expectations. The Penalties can be severe for non-compliance – up to 20 million Euros or 4% of group worldwide turnover (whichever is greater).
GDPR applies to both data controllers and data processors and penalties can be imposed on one or both parties depending on their degree of responsibility. The data controller is the person (or business) who determines the purposes for which, and the way in which, personal data is processed. And the data processor is anyone who processes personal data on behalf of the data controller (excluding the data controller’s own employees).
Among other things, organizations will be required to maintain a data breach detection plan, regularly evaluate the effectiveness of security practices, and document evidence of compliance. However, GDPR doesn’t provide specific technical direction, meaning that organizations will be independently responsible for establishing and maintaining the best practices needed to uphold outlined data security requirements.
Zartech has a very comprehensive bot that does a great job of fully explaining the law, click the icon on the bottom right of your screen to launch it and get up-to-speed on GDPR.
Zartech can help you with being GDPR compliant, contact us today.