20 million reasons for organisations to get EU data reforms right

The dramatic increase in fines, of up to 4% of international turnover or €20m, means that organisations cannot afford to get data protection wrong.

Not only does the new EU General Data Protection Regulation strengthen the data protection principles, it also requires organisations to demonstrate compliance and ushers in greater enforcement powers for the regulators.

The Information Commissioner, Christopher Graham, speaking at the ICO’s annual Data Protection Practitioners’ Conference, called for organisations to begin their preparations for the forthcoming EU data protection reforms.

“People have never been so aware of what their personal data is, and never cared so much about how it is used. The law is changing to reflect that.

“The EU data protection reforms promise to be the biggest shake up for consumers’ data protection rights for three decades. Organisations simply cannot afford to fall behind. We know data protection officers understand this, and we know they sometimes find their views ignored in the boardroom. The new law gives directors 20 million reasons to start listening.”

With the deadline for compliance exactly two years away (25th May 2018), there is much to do to prepare and demonstrate compliance.

Here are some of the key questions that need to be asked of your organisation:

  • Do you know what personal data you process and the legitimate purpose for this?
  • Are there adequate policies and procedures in place to protect against the loss, damage or destruction of personal data?
  • Is information security on the organisation's risk register?
  • Do you have a nominated Data Privacy Officer in your organisation?
  • Do your employees understand their obligations when processing personal data?
  • Is information security incorporated into your procurement process?
  • Are your employees/clients aware of what personal data you process and why?

If you answered "no" or "not sure" to any of the above questions, there is work to be done.

Please contact us to discuss the implications of the new EU General Data Protection Regulation and/or details of upcoming briefings.

Reference: ICO news release, 14 March 2016