The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.

Privacy is a fundamental human right recognized in the UN Declaration of Human Rights and in many other international and regional treaties. Privacy underpins human dignity and has become one of the most important human rights issues of the modern age. The GDPR primarily aims to give control of personal data back to citizens and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect on 25 May 2018 it will replace the current EU data protection directives.

Most businesses already take information security and privacy very seriously and wish to maintain industry best practices to ensure the availability, integrity and confidentiality of personal data while it is in their custody. Being aware of the requirements of the GDPR, and considering its relevance to an organisation as both a data controller and a data processor, requires a GDPR compliance strategy. This usually involves a cross-functional team, and some companies have also appointed a Data Privacy Officer (DPO) to oversee the compliance strategy. For many companies the GDPR requirements are seen as the minimum standard for maintaining world class global data privacy controls.
Getting ready for GDPR
Purpose: Control of how personal information is used by organizations, business or the government.
Principles: Personal information must be
Implementation is delivered through Technical and Organizational Measures (TOMs).
A Privacy Impact Assessment (PIA) is a risk assessment for the processing of personal data and is mandatory where there is a high risk to the data subjects' rights and/or:
For both internal and external processes, and for commercial products and services, privacy requirements should be factored in during the design:
GDPR – a quick summary
Key Areas to Consider
Which Cybersecurity Act defines individual rights with respect to the privacy of their personal information and governs how private sector organizations collect?
Personal Information Protection and Electronic Documents Act (PIPEDA)

Which cybersecurity regulation strengthens data protection?
FISMA. The Federal Information Security Management Act (FISMA) is a comprehensive cybersecurity framework that protects federal government information and systems against cyber threats.

Which regulation addresses data protection and privacy for all individuals in the European Union (EU)?
The General Data Protection Regulation (GDPR) is a regulation that harmonizes national data privacy laws throughout the EU and enhances the protection of all EU residents with respect to their personal data.

What is the European Union General Data Protection Regulation?
Regulation (EU) 2016/679 of the European Parliament and of the Council, the European Union's ('EU') new General Data Protection Regulation ('GDPR'), regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU.