GDPR Compliance: Your Journey
The European Union’s new General Data Protection Regulation (GDPR) comes into force on 25 May 2018. Compliance with this EU-wide new data protection and privacy law is going to be critical for both small and large businesses over the next 12 months.
Th GDPR is a big change in the EU data protection and privacy regime. Some experts are calling the GDPR the most important change in data protection regulation in over 20 years.
The GDPR aims to repeal and replace the current EU Data Protection Directive, which forms the basis for the existing data protection regimes across Europe.
What is new?
The GDPR is broader in scope than the existing European data protection laws. It applies both to organisations established in the EU and to non-EU established organisations that target or monitor EU residents.
The GDPR introduces the principle of accountability, which means that affected organisations will have to focus on their internal compliance.
New requirements relating to consent, transparency, breach notification and appointing data protection offcers (DPOs) mean affected organisations need to review their policies and operations procedures.
The new GDPR changes are important are there are big penalties for non-compliance – up to €20 million or 4% of your group’s annual global revenue.
White Paper on GDPR Compliance
While there is already a significant amount of information about GDPR in the public domain, we* have worked together to outline the practical steps required to begin a GDPR compliance journey and put your business in the best position in advance of the new law coming into force.
Grounded in industry experience, this paper offers a pragmatic four step approach to help put your organisation on the road to compliance with the GDPR.
- Assessment – understanding your current data-related environment.
- Gap Analysis – comparing your current data-related environment with the ideal standard required under the GDPR.
- Remediation – undertaking the activities needed to reach the standard of compliance required under the GDPR.
- Adherence – taking the actions necessary to maintain and update GDPR compliance.
Next Steps to GDPR Compliance
While this white paper outlines what you should be doing from a legal, regulatory and technology perspective over the next 12 months, compliance with GDPR is not a box ticking exercise. Real GDPR compliance can only be achieved by working with experienced professional advisers to help you arrive at and maintain GDPR conformity.