After four years in the making, the European Union’s General Data Protection Regulation (GDPR) has recently obtained its final legislative approval. It will be enforced on May 25, 2018, replacing the national laws and regulations based on the venerable 1995 EU Data Protection Directive. New principles with uncertain consequences have been added into the regulation, such as a stricter concept of consent, a requirement for data portability, and a “right to be forgotten”.
At the same time, it offers hope for a greater level of uniformity across Europe, which multinational enterprises may welcome. The objective of this new set of rules is to give citizens back control over their personal data and to simplify the regulatory environment for business. Under this regulation, companies should already be considering their compliance landscape in their product design, operational planning, privacy policies, security systems, contracts, etc.
If a company does not comply with the Regulation, national data protection authorities and courts may impose administrative penalties of up to EUR 20 million or 4% of the annual revenues. Enterprises are therefore strongly advised to appoint a data protection officer, such as SNSfortech, to confirm compliance with GDPR.