What is GDPR and how does it affect me?
The GDPR was adopted by the EU Council and Parliament in April 2016, and will take effect in every EU member state in May 2018. It sets out the requirements for organizations and Member States with regard to the collection, processing, transfer and storage of personal data, also known as Personally Identifiable Information (PII).
The GDPR applies to organizations within the EU, and to any external organizations that hold or process European personal data, whether inside or outside the EU. This potentially includes organizations anywhere in the world.
Failure to meet the requirements of the Regulation could result in an administrative penalty of up to 4% of annual global turnover or €20 million, whichever is greater.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
May 2018: What should I do?
The first step towards understanding how the GDPR affects your organization is a data audit: identifying whether any personal data is already held, who it has been shared with, and where it is held now.
Most organizations will also be required to appoint a Data Protection Officer (DPO); whether one is needed is determined by the conditions described in the Regulation. The DPO's role revolves around ensuring that the organization complies with all relevant data protection legislation, especially the GDPR.
Article 24 of the GDPR states that data controllers must implement "technical and organizational measures to ensure and to be able to demonstrate that the processing is performed in accordance with the Regulation".
In short, these are the initial steps:
- Discover your data: is there any personal data?
- Understand your data: where it is and how it is used
- Determine what needs to be done with your data
- Perform a gap analysis against a good-practice framework (ISO 27001 or BS 10012)
- Examine the need for a Data Protection Officer (DPO)
Contact us for a free assessment on GDPR: info@katakri.cc