The General Data Protection Regulation (GDPR) comes into force on May 25th 2018 and brings a tightening and extension of existing data protection regulations, mandatory reporting of breaches and huge fines for companies that fail to comply.
Now is the time to start preparing within your company.
After years of discussion, 4 years of preparation and thousands of amendments, the EU finally approved this 260-page regulation on 14 April 2016. In their words: "The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy."
Companies that collect and process personal information need to start preparing for this right away. New projects need to include a Data Protection Impact Assessment (DPIA).
This will review the potential privacy issues that could occur and set out mitigating steps. Some organizations will need to appoint a Data Protection Officer (DPO) and make sure that person has the authority and knowledge to perform the role effectively. You can find out more at GDPR and You, a website set up by the Data Protection Commissioner.