With less than a year before the General Data Protection Regulation takes effect, we’re kicking off a series of blog posts to get everyone up to speed with the changes. The GDPR is a new European privacy law that will require companies, government agencies, non-profits and other organizations that offer goods and services to people in the European Union, or analyze data tied to EU residents, to make some pretty big policy changes. Failure to comply with these new regulations could result in large fines. If your business sells products into the EU, now is the time to start preparing for the GDPR start date of May 25, 2018.
The GDPR will replace the Data Protection Directive 95/46/EC, which was established in 1995. The GDPR goes farther than its predecessor directive toward its goals of protecting EU citizens’ privacy and preventing data breaches. Three of the major categories of change—which we’ll touch on in future blog posts—include:
- Increased Territorial Scope
In addition to these changes, new sections added to the regulation will map out the rights of data subjects and how they’ll be protected under the GDPR. These include:
- Breach Notification – mandatory; must be done within 72 hours of becoming aware of a breach
- Right to Access – allows people to confirm whether their personal data is being processed and where
- Right to be Forgotten – also known as Data Erasure – people can request to have their data removed
- Data Portability – the right to receive and transmit personal data concerning the subject
- Privacy by Design – privacy must be built into the initial design of systems rather than added afterwards
- Data Protection Officers – new requirements for both organizational roles and specific duties
Stay tuned for further blog posts covering these changes and how to prepare for them.