After four years of preparation to overhaul the European Union’s data protection rules, the members of the EU Parliament gave final approval yesterday to the EU General Data Protection Regulation (GDPR).
The GDPR is a big step forward for the protection of EU residents’ data, bringing a consistent set of rules across borders.
The GDPR applies to businesses of all sizes, anywhere in the world, that hold information on European residents, and shows that Europe is taking the subject of data protection seriously.
We think the new regulation will make data protection a board-level issue, and it’s a signal to all companies that do business in the EU that they need to protect their customers’ data. Our advice is: don’t ignore the regulation and think “I won’t get fined.”
Data breaches occur every day, and the EU has just increased the consequences of inadequate security – up to 4% of global revenue. In addition, the proposal that National Data Protection authorities will have the power to impose fines on companies directly will make it easier and quicker to take action.
Those outside the EU will also need to pay attention, as the law applies to all companies that hold data on European residents, regardless of whether the company has an EU base.
We think these regulations will provide a fairer, clearer approach to enforcing data protection.
While the new requirements mean some further investment in data protection for many companies, businesses will ultimately benefit as customers both within and outside the EU become more confident in online transactions.
Businesses need to review their data protection policies and technology to check that they are compliant, and should not be shy about reaching out to their local regulatory body or a trusted consultant for advice on how to get it right.
Be proactive and protect the data you hold, encrypt it, and always keep your security solutions up to date.