In under four months, Europe’s data protection regulations will undergo the biggest modernization in two decades. The EU’s General Data Protection Regulation (GDPR) is set to be enforced by 25 May 2018 – at which time non-compliant organizations will face heavy fines of up to 4% of their annual turnover.

At present, Gartner predicts that by the end of 2018, more than 50% of companies affected by the GDPR will not be in full compliance with its requirements.

Key Highlights:

What you may need to do:

Accountability

Demonstrate compliance by maintaining a record of all data processing activities

_______________________________________________________________

Data Protection Impact Assessment (DPIA)

Conduct a DPIA where a processing activity is likely to result in a high risk to the rights of individuals

__________________________________________________________________

Data Security

Keep Personal Data secure through appropriate technical and organizational measures

_______________________________________________________________

Data Breaches

Report data breaches to the regulator within 72 hours

_______________________________________________________________

Data Protection Officer

Appoint a Data Protection Officer if processing sensitive data

_______________________________________________________________

Data Transfer

Transfer data outside the EU only if appropriate safeguards are in place

________________________________________________________________

To assess your firm's readiness for the GDPR, you can use the checklists below, published by the UK Information Commissioner’s Office (ICO):

  1. https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-controllers/
  2. https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-processors/