General Data Protection Regulation (GDPR)

The new General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive 95/46/ec effective May 25, 2018. The GDPR is directly applicable in each member state and will lead to a greater degree of data protection harmonization across European Union nations.

Although some companies have already adopted privacy processes and procedures consistent with the previous Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant organizations (data controllers and processors), once it comes into force in the spring of 2018.

But the compliance alone is not enough; data controllers and processors will also have to demonstrate their compliance and prove that they are taking data protection seriously by implementing a range of accountability measures such as Privacy Impact Assessments, data protection audits and security policy reviews.

The new General Data Protection Regulation is governed by the following pillars:

  • Consent of individuals
  • Accountability
  • Technology Independency
  • Concern all process types of Personal Data
  • Impact Assessment(s)
  • Penalties
  • A Regulation for all Europe

The full text of the regulation can be viewed or downloaded from this link
 

THE OPERATIONAL IMPACTS

There are significant changes to Europe’s data protection regime under the GDPR, but the introduction of heightened fines and a robust enforcement mechanism suggest that the Regulation’s provisions should be taken seriously.

WHAT THE COMPANIES MUST DO?

With new obligations on such matters as data subject consent, data anonymization, breach notification, trans-border data transfers, and appointment of data protection officers, to name a few, the GDPR requires companies handling EU citizens’ data to undertake major operational reform.

NETBULL METHODOLOGY

Our company is specialized in information security and has a holistic approach to the GDPR compliance of companies that collect, maintain and process personal data. The approach contains assessment services, implementation of technological countermeasures and security systems monitoring on 24 hour basis.

To understand the terms of the regulation, you can see the GPRS glossary.