Time for a Change
GDPR is coming! Intimidating, right? Well, it can be if not handled properly and promptly. The General Data Protection Regulation is the European Union's new data protection law, and it applies to any organization that processes the personal data of individuals in the EU, regardless of where that organization is located. It replaces the Data Protection Directive that has been in effect since 1995.
The GDPR gives individuals greater control over their personal data. It places new obligations on organizations for how they collect, analyze, and handle personal data, and it gives national regulators new powers to fine organizations that break the law.
GDPR will go into effect on May 25, 2018 with no grace periods beyond that date.
Stricter Enforcement & Higher Penalties
For a long time, national regulators rarely imposed fines for security breaches. That is about to change. Under GDPR, Supervisory Authorities (SAs) have greater power to enforce the law, including the authority to carry out audits, require swift and specific remediation, and order the erasure of data.
Additionally, penalties will be far higher than ever before, meaning companies can’t afford to be non-compliant.
Infringement of certain articles (Articles 5, 6, 7, and 9, among others) can cost your company up to €20 million or 4 percent of total worldwide annual turnover, whichever is higher. Infringement of other articles can cost up to €10 million or 2 percent of total worldwide annual turnover, whichever is higher.
Fines will be determined based on the following factors:
- Gravity and duration of infringement, such as how many people were affected and how much damage was suffered
- Whether infringement was intentional or negligent
- Whether steps were taken by controller or processor to mitigate damage
- Technical and organizational measures that had been implemented by the controller or processor
- Previous infringements by the controller or processor
- The degree of cooperation with the regulator
- The types of personal data involved
- The way the regulator found out about the infringement
Aside from the immense fines, there are other consequences for companies that violate GDPR. Brand and reputational damage can follow a data security breach, and rebuilding and preserving your customers' trust can cost your company millions.
As you can see, the cost of non-compliance can affect you and your company in numerous ways: fines and damages in the millions for neglecting the protection of personal data. The good news is that companies can greatly reduce these risks by working with partners that can help ensure GDPR-readiness.
What You Can Do Right Now
The time to get ready for GDPR is now; May 2018 is not far off. Start by taking inventory of your data: do you know where it is located, how it is being used, and who can access it?
Getting prepared for GDPR is going to be a taxing process. It is complex, time consuming, and can take significant resources, and it may require major changes in your company's privacy and data management practices. Handling vital personal data is a delicate process and not something to take lightly.
This is also the time to educate your employees on the proper procedures for handling sensitive and personal data. You do not want to risk fines because part of the process was overlooked.
You need this process to go as smoothly as possible, and CuroGens is the place to start. As a global company and trusted Microsoft partner, we support the IT and business intelligence needs of companies worldwide. We have the expertise, as well as the resources available to Microsoft partners, to assess GDPR readiness.
Are you GDPR ready?
Get started today with a free preliminary assessment.