The past few years have seen significant developments in data protection, including more aggressive enforcement by regulators affecting both small and large businesses around the world.
New Regulations and Fines
Enforced on 25 May 2018, the EU General Data Protection Regulation (GDPR) is the biggest shake-up ever to data protection laws. It places major emphasis on enforcement, with increased penalties for breaches and fines of up to 20 million euros or 4% of an organization’s global annual revenue.
The GDPR applies to all businesses that process or monitor the personal data of EU residents or that offer goods and services to EU residents. All such data must be processed in line with the GDPR, regardless of whether the processing takes place in the EU or not.
For example, a Caribbean-based company that handles the data of EU citizens can be investigated, fined and even prosecuted by an EU regulator. The GDPR rules will soon also be copied by regulators around the world.
Reporting Data Breaches
The biggest change to the data protection landscape is the mandatory data breach reporting deadline of 72 hours from detection of the breach. This puts huge pressure on organizations and increases the likelihood that an organization faces regulatory action. Failure to notify regulators could result in hefty fines.
The breach must also be communicated within 72 hours of discovery to the person (data subject) whose data has been breached.
If an employee loses a laptop with customer records on it, the organization must inform every customer that their data has been compromised within 72 hours. The legal consequences, brand damage, litigation and media reporting could be significant.
How We Can Help
Getting ready for the GDPR boils down to three steps:
Understand and identify your compliance gaps by reviewing existing processes.
Plan your remedial activities in the event of a data breach. With just 72 hours to report a breach, you should have clear processes in place.
Implement the changes needed to ensure compliance. Good governance and transparency should be built into every process. The majority of data breaches come from employee error. Educating all employees by raising their awareness is paramount.
The Cyberbloc team can guide you through this process by providing a manageable outline of GDPR compliance tasks and by assisting you in revising and updating the policies and processes affected by GDPR compliance.