The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018. This new European data protection legislation has major consequences for companies that store and process European consumer data and goes further than the current EU Directive.
The comprehensive legislation centres around the rights of the individual. Under this new law, people will be able to gain more insight into and exercise more control over their data, even after they've authorised you to store and process their information. Any organisation holding or handling the personal information of European citizens or EU residents will have to comply with this new law. And beware: in this context IP addresses are considered personal information, which means that essentially everyone will be affected by this legislation. Those found to be in breach of it risk fines of up to twenty million euros or four per cent of their global turnover, whichever is higher.
More than IT
Because this law concerns data privacy, many organisations consider it an IT issue. Research by data management specialists Relay42, conducted among financial institutions in the United Kingdom, showed that a stunning 98 per cent of C-level marketers (CMOs) see the General Data Protection Regulation (GDPR) as a matter for their IT departments to deal with. Only four per cent of marketers surveyed think their department bears some of the responsibility for compliance with this legislation and regulation.
IT is certainly critical in achieving compliance, and you'll definitely require IT to help you shape the processes and engineer systems to establish "privacy by design" and implement record-keeping duties. The GDPR, however, goes way beyond the IT department.
You will, of course, need highly qualified people, trained to know exactly which requirements to meet and what processes to put in place to achieve compliance. Still, there will be many other people whose jobs involve working with data, who tend to be more aware of the opportunities than of the risks this presents.
All aboard the GDPR Express!
Marketing, HR and Sales usually handle large amounts of personal data across numerous processes. It is crucial that everyone who stores or handles data is up to speed on whichever pieces of legislation are relevant to them, especially considering how interesting that data may be to them in terms of usage and application, and how much they might like to play around with it. It is important for these departments to know what they can and cannot do, and what obligations they have in terms of data handling. In the end, to comply with the legislation, you will have to demonstrate compliance across the organisational hierarchy.
Compliance with the General Data Protection Regulation will take time to implement, so it is essential that you act now to understand the impact of GDPR on your organisation and processes, and identify what changes you need to make.