14 Dec Data protection: Are you set for GDPR?
Businesses have less than 18 months to get ready for the European Union’s General Data Protection Regulation, also known as GDPR. But what is GDPR and what challenges might it pose to European businesses?
If you’re unfamiliar with the legislation that’s coming into force (officially known as Directive 95/46/EC), here’s a top-line summary:
- Businesses must have explicit consent to use a wide variety of data
- Companies will have to hire a data protection officer if business processes require the storage and manipulation of certain categories of data
- “Privacy by design” needs to be introduced to workflows
This is great news for consumers, but it presents a complex challenge for European businesses.
Challenges and penalties
You’ve probably already dealt with the ‘cookie law’ which focuses on website opt-ins. GDPR, however, goes much further and the onus on businesses is huge.
Users will be able to demand the full deletion of all their details for instance, as well as ask for their data in a portable format that can be transferred between data processing entities.
And penalties for turning a blind eye to the new regulation are too big ignore. Non-compliance can trigger a fine of up to 20 million euros or 4% of total revenue, whichever is the greater. Note: that is revenue, and not profit they measure, which could be particularly painful for smaller businesses. Can your company really afford to take a 4% hit on revenues?
When must businesses act and how?
The law will come into force across Europe in May 2018 and applies to businesses of all sizes. While that is still a considerable distance away, the complexities surrounding GDPR should be heeded with care.
According to Computer Weekly, 44% of IT professionals are unaware of the incoming rules. And a separate piece of research by Dell suggests 97% of all businesses don’t have a plan in place to deal with GDPR. I worry that for many organisations the constant need to stay on top of new compliance can lead to fatigue in dealing with issues such as this.
Considering the complexities surrounding the architecture of new workflows, the time to act is now. SMBs in particular could find themselves exposed owing to this complexity. And businesses of all sizes should look to experienced partners and vendors in the business process space if they want to navigate through this period of change.