As we are approaching 2018, one can feel a certain anxiety taking over at the workplace – and this is not only due to the upcoming holidays, but also because of the following 4 letters: GDPR.
As from 25 May 2018, all EU member states need to comply with the new General Data Protection Regulation (GDPR). Although the GDPR is built on existing data protection principles, it will drastically change the way organisations deal with data; even the very definition of personal data changes.
So what is GDPR?
According to a Eurobarometer survey conducted in 2015, no less than 67% of Europeans expressed that they were concerned about not having control over their personal data and information provided online. Taking this into account, the EU worked the past years on transforming the existing EU Data Protection Directive (DPD) with a clear aim to enable EU citizens to better control their personal data. The outcome of that hard work is the GDPR, which establishes data protection principles more fitting to the digital world we all live in nowadays.
A key difference is that the GDPR is a regulation and not a directive like the DPD. A regulation is a binding legislative act, whereas a directive only sets out a goal that all EU countries must achieve and thus still requires each member state to devise its own laws.
Although it is an EU regulation, it actually has a global reach, as any company that delivers goods or services to EU residents needs to comply with the GDPR. In a recent PwC survey, for instance, 92% of U.S. companies said the GDPR is a top priority on their data privacy and security agenda.
Not only consumers benefit from GDPR, but also businesses
The drivers behind the GDPR are in fact two-fold. Apart from giving people more control over how their personal data is used, it also benefits businesses by providing a single truth. It enables a “one-stop-shop” principle, as there will be only one supervising authority instead of 28. The EU estimates the benefits at €2.3 billion per year. In return, these businesses will have to make certain adjustments (read: investments) in order to be compliant with the GDPR. Nevertheless, businesses should feel rather motivated to make these adjustments, as they risk huge penalties for non-compliance: fines of up to €20 million or 4% of their annual global turnover, whichever is greater.
Are you ready?
The impact of the GDPR should not be taken lightly. When people hear “data protection”, they tend to link it immediately to IT. However, being compliant with the GDPR is not the responsibility of the IT department alone; it should be a coordinated task across several departments, including marketing, finance, legal and HR, together with IT. Beijaflore can help wherever you are on the GDPR journey, as we bring expertise from these different areas. Get ready now and contact us for more details on our services.
Author: Kate Engels, Senior Consultant