The European Union’s new General Data Protection Regulation (GDPR) will go into force on 25th May 2018 after six years of preparation.
The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, protecting and empowering all EU citizens. It should reshape the way organisations across the region approach data privacy.
The rules will apply to all companies that collect the private information of EU citizens, whether the business is based in the European Union or not, and the fines for non-compliance will be extremely onerous.
The main challenge for corporations will be assessing their current information collection and storage systems against the new regulations and ensuring compliance before the May 2018 deadline. Accountability is critical, and concepts such as pseudonymisation will become commonplace under the new regulations.
In addition, the cross-border transfer of EU citizens’ data outside the region will become much harder. The EU Commission will assess third countries’ level of protection by carrying out ‘adequacy’ assessments that are binding on all Member States. It will then carry out reviews every four years to ensure continued compliance.
Any businesses that collect sensitive personal information will need to carry out and regularly update gap analyses, data protection impact assessments, privacy audits and data breach roadmaps in order to stay on the right side of GDPR.
This Virtual Series aims to highlight the profound level of impact this new GDPR legislation will have on IR Global members and their clients. We have gathered nine data protection experts from a variety of jurisdictions to discuss how they are helping their clients to reach GDPR compliance and to emphasise some of the structures businesses should be putting in place to avoid a crippling fine.
In the pages that follow, we have advice from experts in Germany, Belgium, The Netherlands, Italy, UK, USA, Luxembourg, Sweden and France.