Published on 13/01/2017 in Innovate
In the past twenty years, technology has developed at record speed. Internet has become omnipresent, social media have claimed their place and big data has become big business. And the legislation? It lagged further and further behind.
In April this year, the European Parliament approved the General Data Protection Regulation (GDPR). Every company now has just under two years to take the necessary measures before this legislation comes into force on 25 May 2018. The fact that this is a real 'regulation' means that the law will take effect immediately in every European member state. Moreover, the law does not just affect European companies. It also applies to all companies or organizations that deal with personal data from European citizens. Infringements of the law are punishable by fines that may amount to four per cent of the global annual turnover or EUR 20 million.
The law has widened the definition of personal data. Genetic, social, cultural, mental and economic details are now also considered personal data. Basically, this means that if you keep anything about your customers, suppliers, etc., you fall under this regulation. So even an accountant or the baker on the corner where you can order your bread via a webshop will be subject to these rules.
From 25 May 2018, all companies that process personal data will have to appoint a data protection officer and carry out data protection impact assessments for projects with high privacy risks. Data leaks have to be reported within 72 hours. Data processors can be held directly responsible for the security of personal data. This has sizable consequences in terms of both infrastructure and organization. Customers can ask a company what data are stored. The company has to disclose this transparently.
Companies that work together and exchange data about European citizens both have to comply with these regulations. In addition, every company not only has to be able to detect data leaks and security incidents itself, but respond correctly to them: the leak must be sealed, an investigation must be launched and legal proof must be collected. You also have to prove that you have taken minimum protective measures to cover personal data relating to your customers, suppliers, etc. All data from before the incident have to be stored and must be retrievable.
Proximus guides you through this process with insight and solutions.
Contact your account manager or contact us via firstname.lastname@example.org