The New European Privacy Law
In May 2018, a new European privacy law is due to take effect. This law will require big changes, and potentially significant investments, by organisations all over the world. This is the biggest change in privacy law since the Data Protection Act was first introduced.
What is GDPR?
Known as the General Data Protection Regulation (GDPR), the law imposes new rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents.
GDPR represents an important step forward for individual privacy rights as it gives EU residents more control over their “personal data”. The GDPR also seeks to ensure personal data is protected no matter where it is sent, processed, or stored. The law updates European privacy regulations for the first time in more than two decades, bringing them more in line with current technologies, and increases the uniformity of privacy regulations across the EU’s member states. However, the GDPR is a complex regulation that may require vast changes in how you gather, classify and protect data. Does your company, in its current environment, meet the GDPR reporting and assessment requirements?
Where do I start?
Given how much is involved, you should not wait until the regulation takes effect in May 2018 to prepare. You need to begin reviewing your privacy and data management practices now. Failure to comply with the GDPR could prove costly, as companies that do not meet the requirements and obligations could face substantial fines and reputational harm.
Cisilion recommends you begin your journey to compliance with the GDPR by focusing on five key steps:
- Discover and identify what personal data you have and where it resides
- Control and manage how personal data is used and accessed
- Protect data by establishing security controls to prevent, detect and respond to vulnerabilities and breaches
- Report on requests for information, potential breaches and data leakages
- Review your systems continually to ensure you stay compliant and reduce risk
REGISTER FOR CISILION’S EVENT TO FIND OUT MORE
Where are you on your GDPR journey? Cisilion are hosting an ‘Insurance Transformed’ event on 23rd February, where security and compliance will be a focus topic. Register below to find out the full scope of GDPR and what you should do.