General Data Protection Regulation
5 Steps to prepare for the new EU Data Legislation
The clock is officially ticking for organisations to get their data protection policies in order, now that the final draft and approved text have been made available for the General Data Protection Regulation to replace the existing EU Data Protection Directive.
The new regulation will come into effect in 2017 and will require businesses to put a much stricter focus on data protection.
The headline items for organisations that collect or process EU citizen records are:
- They must notify their supervisory authority of a data breach within 72 hours.
- The subject will have the right to retract consent, request data erasure or portability.
- They may face fines of up to 4% of their worldwide turnover, or €20 million for intentional or negligent violations.
These increased sanctions mean it is vital that the final legislative text be fully understood by a number of key stakeholders within the business, and that businesses start planning ahead as soon as possible.
To help with that, here are five key steps organisations can use to perform a basic assessment of their current data protection strategy and of any potential gaps that need filling.
Underpinning all of this is the fact that businesses, no matter how big, have to begin thinking about their security in terms of when they will face an attempted data breach, rather than if. Only when businesses accept this will they be able to plan and execute successful security defences and policies.
Watch our exclusive webcast, in partnership with Forcepoint
With the approved text now available for the new General Data Protection Regulation (GDPR), organisations must be prepared for when the new regulation comes into effect in 2018. Forcepoint brings you top experts in privacy law and data protection to help explain this new regulation and the implications for all organisations that process EU citizens’ data.
The headline items for those organisations collecting or processing EU citizen records include:
- Mandatory data breach notification within 72 hours to the supervisory authority
- Right for data subject to retract consent, request data erasure or portability
- Administrative fines up to 4% worldwide turnover or 20m Euro for intentional or negligent violations
Listen to Information Security & Strategy Officer, Neil Thacker and guest speakers, Hunton & Williams Senior Consultant Attorney, Rosemary Jay and Associate, James Henderson, for a presentation and Q&A.