Company leaders worldwide are taking measures to ensure they will be in compliance with a new and far-reaching law aimed at protecting European citizens from privacy and data breaches. General Data Privacy Regulation (GDPR), a data privacy law adopted by the European Union taking effect May 25, 2018, is one of the largest changes in data protection and privacy regulations. GDPR builds upon existing principals set forth in the Data Protection Act and puts tighter obligations and restrictions on data controllers and data processors.
Small businesses to multi-billion dollar companies also are reviewing their data privacy policies. According to the International Association of Privacy Professionals, Fortune’s Global 500 companies will spend approximately $7.8 billion on GDPR compliance efforts. GDPR will affect companies that either offer goods and services to European citizens or collect data from people living there, regardless of company location. Several industries are affected by the changes, including relevant industries, including retail, marketing, hospitality, travel, technology, telecommunications, financial services, insurance and manufacturing.
Under GDPR, data controllers and data processors will be held more accountable. Currently, only data controllers are held responsible for compliance. GDPR will create new compliance and responsibility obligations for data processors. Businesses could rack up hefty fines if they are not in compliance with GDPR by May 25. Organizations in breach of GDPR can be fined up to 4 percent of their annual global turnover or €20 million.
Companies that haven’t started their compliance efforts should start now. First National Technology Solutions partnered with Optiv to host a free webinar to help companies prepare for the new regulations. FNTS Director of Information Security, Robert LaMagna-Reiter, and Solutions Architect, AJ Brown from Optiv, covered a range of topics that include:
- Guidelines and requirements
- GDPR’s impact on business
- Best practices on achieving compliance
- Data controllers vs. data processors