Complying with the requirements of the new data protection law
The General Data Protection Regulation (GDPR) will take effect on May 25, 2018. The regulation strengthens the rules on how organizations collect, access, store, and manage the personal data of individuals in the EU; it applies to organizations established in the EU and to those outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU. It also supersedes existing national legislation, such as in Sweden, where it will replace the Personal Data Act (PUL).
Some of the most notable changes include:
- Data subjects will have easier access to their own data
- Consent to collect an individual's data will have to meet stricter, more specific requirements
- Data subjects will be able to request the transfer of their data from one organization to another (data portability)
- Data subjects will be able to request the deletion of their data (the right to erasure)
- Organizations affected by a personal data breach will have to notify the supervisory authority within 72 hours of becoming aware of it
Non-compliance can result in fines of up to €20 million or 4% of annual worldwide turnover, whichever is higher. Two years is not a long time, so now is the right moment to start preparing for the new rules.
The new law poses significant challenges
The GDPR introduces new requirements regarding how personal data can be collected, stored, and used, and meeting them can be challenging, especially given the severity of the penalties. It is time for organizations to take full control of the situation: which personal data is being stored, how and where is it stored, and for what purpose? A data inventory and risk analysis is a good starting point for identifying how sensitive data is currently being managed and what needs to change in order to be compliant by May 2018.
Here are some useful links for more information on the new regulation: