For reasons going back in history, the EU has established itself as the pioneer in data protection legislation and 2016 was no exception.

In April 2016, after years of preparation, the new General Data Protection Regulation (GDPR) was adopted to harmonise patchwork directives across EU member states and safeguard the rights of citizens in the digital economy.  It comes into effect on May 2018, and being a regulation rather than a directive, will apply regardless of any approbation by individual member states.  Its noble goal has been to simplify the task of compliance and ultimately reduce its cost. But the GDPR comes with a massive sting in its tail.  According to a recent global study, what 80% of IT professionals fail to recognise is the international reach of this EU regulation, and the eye-watering penalties of failing to comply.

Whether your organisation is based in the US, UK or anywhere else in the world, insufficient provision for protecting EU citizen data runs the risk of fines of up to €20 million or 4% of your turnover worldwide (whichever is higher).  

Organisations can amass personal data on EU citizens unwittingly through common techniques such as profiling, loyalty cards, online shopping and the like. The final text of the GDPR even references “monitoring the behaviour” of EU residents by tracking their digital activities. The GDPR cannot get much broader, given that nearly every website in the world does exactly that.

So what actually constitutes personal data, and how can you comply? Any data that pertains to a person’s online ids, credit card information, IBANs, any type of banking information, as well as health information, even location data and biometric/genetic data is considered personal. The GDPR requires that you take both organisational and technical precautions to prevent the transfer of data to a non-compliant body, prohibit use outside its intended purpose, and anonymise data where necessary. It also demands notification of a data breach within 72 hours (welcome news in the wake of the Yahoo debacle where it took nearly two years to disclose one of the biggest customer security breaches on record).

Find our full data protection white paper here.


By Olenka Van Schendel, vice president of strategic marketing & business development at Arcad Software

Visit our website to see events that will help you keep up to speed on; Data protection, cyber security, digital marketing and business growth. View upcoming events here!

comments powered by Disqus