The new mandatory regulations on customer data protection: are you ready for them?
Published on 30/09/2016 in Innovate
It’s a done deal: the new European regulations on customer data have been approved by the European Parliament. Why did Europe think this law was so important? And above all: what are the consequences for your company? It’s high time for some clarification.
In the past twenty years, technology has developed at record speed. The internet has become omnipresent, social media have claimed their place and big data has become big business. And the legislation? Well, it has lagged further and further behind.
New times, new laws
In April this year, the European Parliament approved the General Data Protection Regulation (GDPR). Every company is now given a bit less than two years to take the necessary measures before this legislation comes into force on 25 May 2018. The fact that this is a real ‘regulation’ means that the law will take effect immediately in every European member state. Moreover, the law applies not only to European companies, but to all companies or organizations that deal with customer data from European citizens. Infringements of the law are punishable by fines that may amount to four per cent of the global annual turnover or EUR 20 million.
What does the new law require of your company?
The law has widened the definition of personal data. Genetic, social, cultural, mental and economic details are now also considered personal data. Basically, this means that if you keep anything about your customers, you fall under this regulation. So even an accountant, or the baker on the corner from whom you can order your bread via a web shop, will be subject to these rules. From 25 May 2018, all companies that process personal data will have to appoint a data protection officer and carry out data protection impact assessments for projects with high privacy risks. Data leaks have to be reported within 72 hours.
Data processors can be held directly responsible for the security of personal data. This has sizable consequences in terms of both infrastructure and organization. Customers can ask a company what data are stored. The company has to disclose this transparently. Companies that work together and those that exchange data about European citizens both have to comply with these regulations.
In addition, every company not only has to be able to detect data leaks and security incidents itself, but also has to respond to them correctly and immediately: the leak must be sealed, an investigation must be launched and legal proof must be collected. You also have to prove that you have taken minimum protective measures for your customer data. All customer data from before the incident has to be stored and must be retrievable.
Proximus did not wait for the approval of this law to prepare its own services and the services for its customers. So you can come to us for consultancy, security audits, security checks or storage for backup & restore and data encryption in our secured data centers. We identify the weak points in your network and on your websites and immediately offer you the right solutions to overcome them. For instance, you can use our Proximus Secure Internet solution, a latest-generation firewall that we manage for you so that you can be sure you have the most recent protection effortlessly. This is just one of the many examples that demonstrate how security and efficiency can go hand in hand.