The GDPR is the single biggest change in Privacy Legislation in a generation and the clock is already ticking. The GDPR (Regulation (EU) 2016/679 of the 27th of April 2016) comes into force on the 25th of May 2018.
It clearly focuses on the rights of the Data Subjects, security of data, consent, data breaches, Data Protection Officers, processor liability and the requirements of organisations to meet those rights. The GDPR is applicable to all businesses, from the Small Home Operator/SME to the Large Multi-National, and to all Public Agencies and Authorities.
GDPR is not a fad or a Y2K scenario but a substantial piece of regulation that needs to be met and administered from Board level in an organisation. If an organisation does not meet the regulation, the fines are substantive and dissuasive. In plain language, from the 25th of May 2018, if your organisation is not in compliance with the regulation you will be fined, and ignorance of the regulation is not a defense. Where we talk about substantive and dissuasive, you are looking at fines as high as €20 million or 4% of Worldwide Turnover, or €10 million or 2% of Worldwide Turnover from the prior year, whichever is the greatest. Additionally, Data Subjects who have been impacted by a breach in the regulation are now afforded the right to compensation through judicial process.
The first significant item to note is that this is a Regulation and not a Directive, and it does not require any Local Law to facilitate it. It is to be adopted immediately by all member states and by those that process EU natural persons’ data, be they processing the data in the EU or not.
There are some significant areas of change that need to be addressed immediately. Below we have highlighted just a few of them;
For further information and support of GDPR readiness you can contact
Paula Carney-Hoefler, E.I.I.C.M. Credit Cert, Dip Law,
Client Credit Risk & Compliance Manager,
The Ward Group on
+353 (0) 872681891