We have just published a white paper on the General Data Protection Regulation (GDPR), the European Union (EU)’s new data protection regulation, released in May 2016 and with an implementation date of May 25, 2018. Every organization that collects or processes personal data on EU residents must comply with the new regulation, regardless of where it is located, or it will face significant financial penalties (up to four percent of its annual revenue) and reputational damage.
Complying with the GDPR requires any organization with personal data on EU residents to implement both organizational and technological measures. Organizational measures include appointing a Data Protection Officer, developing policies and training on handling personal and sensitive personal data, and establishing an approach for executing a Data Protection Impact Assessment (DPIA). Technological measures for protecting data include capabilities like data classification, data loss prevention, encryption, managing consent more explicitly, data transfer limitations, and technologies that enable data subjects to exercise their rights to access, rectify, and erase personal data held by data controllers.
It is important to note that the GDPR is focused on the protection of personal data, not just its privacy. Complying with the protection mandate requires a higher degree of proactive and far-reaching effort on the part of organizations that control or process personal data.
The survey we conducted for this white paper among mid-sized and large organizations that will be subject to the GDPR found that the majority (58 percent) are not sufficiently familiar with the wide scope of the regulation and the penalties it includes. Only 10 percent believe their organizations are “completely ready” to comply with the requirements of the GDPR. That’s a serious problem, since the penalty for failure to comply with the GDPR could cost a large organization many millions or tens of millions of dollars.
You can download our just-published white paper here.