In the past, data protection in the European Union was controlled by the 1995 Data Protection Act. This outdated act was then replaced by the General Data Protection Regulation (GDPR). It was put in place to protect the privacy and personal data of EU citizens for transactions that occur within EU member states, and it also regulates the export of data outside of the EU. Next year this regulation will be updated, and big changes are to be made to the way companies can handle the data protection of European Union citizens. These changes will come into effect on the 25th of May 2018. However, just because your company is not located in the EU does not mean that this regulation is irrelevant to it.
Will your company be affected by GDPR?
Obviously, the updated regulation applies to companies located in any of the 28 EU member states. However, it is not limited to these. Any company that has a presence in the EU by storing or processing personal information about EU citizens within EU states must comply with the regulation, even if its business is not located within the EU.
Why are companies concerned by this?
One of the reasons companies are concerned by the new regulation is the financial expenditure required to become compliant. The majority of US companies are predicted to spend between 1 and 10 million USD just to comply with the latest requirements of the regulation. Some larger companies are expected to spend over 10 million USD.
The consequences of noncompliance
Another reason companies are concerned by the regulation is that over 50% of them are assumed to face fines under the new regulation due to the current state of their data handling and processing. When a company is found to be in breach of the GDPR, the result is massive financial penalties: fines of up to 20 million Euros or 4% of the company's global turnover, whichever is higher. As a result, the EU could collect over 6 billion USD in fines for noncompliance within the first year.
The steps to take to avoid penalties
The governing body has given a list of guidelines for companies to follow in order to become compliant. The two that take priority are: first, hiring a Data Protection Officer who will oversee the company's data protection plan and ensure compliance with the regulation; second, reviewing and updating the company's data protection plan to follow the latest GDPR requirements.
Take a look at this page for more information relating to GDPR: http://www.amazingsupport.co.uk/cyber-essentials/