How The General Data Protection Regulation Will Affect Your Business

Proshare

Tuesday, May 22, 2018 12.15PM / PwC

GDPR at a glance

On 25th May 2018 the General Data Protection Regulation comes into force, revolutionising the way that personal data are used and handled. Controllers and processors of personal data have a short amount of time to get ready. PwC can help, and in this post we explain how and why.

What does GDPR mean for my organisation?

If you are an organisation processing personal data in Europe, or you are offering goods and services to people in Europe, or you are monitoring the online activities of European citizens, you will need to comply with GDPR.

The GDPR is the largest development in data protection legislation since the European Data Protection Directive in 1995. It will require wide-scale privacy changes in all regulated organisations, and regulators will gain unprecedented powers to impose fines. Nevertheless, the GDPR also represents an opportunity to:

  • transform your approach to privacy,
  • harness the value of your data, and
  • ensure your organisation is fit for the digital economy.


It is essential that organisations are able to demonstrate to regulators that they have robust plans in place to comply. 


It puts individuals back in control of their personal data

Consumers, customers, workers and users of public and charitable services have more power to control how their data are used. Controllers and processors of personal data could be required to report on, move or dispose of personal data if requested, and they must have the capabilities to do this whenever the laws apply. The options for using personal data are restricted.

How you use data will be more transparent

The idea of transparency is now considerably strengthened under the GDPR. Article 5 of the GDPR sets out a number of principles with which data controllers must comply when processing data. They must process the data “lawfully, fairly and in a transparent manner in relation to the data subject”. Organisations will be required to articulate all of the ways personal data is used, and make it clear to individuals what their data is being used for and with whom they have shared it. 


Organisations will be subject to higher standards of accountability

Organisations will be required to implement measures to prove their compliance. Such measures include keeping records of processing activities, providing individuals with notice of their rights and employing techniques like pseudonymisation or encryption to ensure the security of personal data. Additionally, organisations will have to ensure that data they pass to third parties are handled in a manner compliant with the GDPR. Some may also have to appoint a Data Protection Officer (DPO) and undertake privacy impact assessments.

Consequences - Fines are getting bigger, and the timelines are getting shorter

The GDPR introduces a tougher enforcement regime and it exposes entities to increased financial liability. Fines for non-compliance can be as severe as 4% of annual turnover or 20m EUR – whichever is higher. 


Data subjects’ rights have been strengthened and expanded upon

The data subjects’ rights aim to give individuals control over their personal data, and people will also be entitled to sue for compensation if they suffer damage or distress by reason of non-compliance. The regulation retains the existing rights of data subjects and creates new rights for individuals, such as the “right to be forgotten” and the “right to data portability”. These rights are complex and it is unclear how they will operate in practice. As data subjects’ rights strengthen, it is important that organisations are aware of what each right means for them and their business.

What else is changing?

The regulatory imperative of GDPR creates some very specific issues. These changes include:

Right to be forgotten

Under the right to erasure/to be forgotten individuals will have the right to ask organisations to delete their personal data in certain circumstances.


Guaranteed data portability

In certain circumstances, individuals can request to transfer their personal data from your organisation to a third party. The transferred data must be sent in a structured, machine-readable format to the third party, so organisations should begin thinking about technical implications of data portability.


Data breach

If you have a data breach you will have 72 hours to report it. Fines for non-compliance with the GDPR could be up to 2% of global annual turnover.


Proshare Nigeria Pvt. Ltd.


Resources

  • General Data Protection Regulation: Readiness Assessment Tool
  • General Data Protection Regulation (GDPR)
  • Personal data breach framework: Putting you in the best position to deal with challenge
  • GDPR framework second opinion
  • Technology's role in data protection - the missing link in GDPR transformation

