GDPR - General Data Protection Regulation
The General Data Protection Regulation (or GDPR) is one of the biggest shake-ups to data protection legislation in history, so it’s no wonder that it’s a hot topic for many organisations. With such dramatic changes on the horizon, now is the time to make sure your organisation is prepared for this overhaul to data security and privacy law. In this bulletin Arthur J. Gallagher break down what the GDPR is, what you need to do to comply and what the penalties for non-compliance are.
The existing Data Protection Directive was introduced in 1995 – before widespread use of the internet changed our environment irrevocably. Designed to ensure that data legislation across the EU reflects the myriad new ways that data is used, the GDPR aims to enforce stronger data security amongst organisations that handle personal data, and enhance privacy rights of individuals that entrust those organisations with that data, giving people more say over how their data is handled. While it came into force on 25 May 2016, the GDPR will apply to all EU member states from 25 May 2018, which is the final date for organisations to comply. The UK Government has indicated its commitment to the GDPR after Brexit and has already introduced the new Data Protection Bill, which will implement the GDPR in full.
The fines for inadequately protecting data are severe – the most serious infringements attract fines of up to €20 million or 4% of your annual global turnover, whichever is greater. This is regardless of who is responsible for the breach – even if it is a malicious attacker or third party, your organisation will be responsible for the fine and any resulting reputational damage.
Regardless of how you choose to approach compliance, the sooner you begin the process, the more time you will have to ensure you comply. The GDPR aims to ensure that data protection and privacy are no longer just an afterthought and are included in all of your systems and processes. Organisations need to show that they value an individual’s privacy, and reflect this in how they handle the data they collect.