Are you ready for new data protection laws?
Data protection law hasn’t undergone a significant update since the EU brought in legislation in 1995 – just six years after the birth of the World Wide Web. But GDPR is about to shake things up.
Now, 23 years later, the new law – known as the General Data Protection Regulation – will replace that aged directive on May 25 in a move that, according to the UK’s Information Commissioner’s Office, signals an “evolution” rather than a “revolution” for data protection.
GDPR is intended to strengthen and unify data protection law in the digital age. It means that any organisation – large or small – processing or controlling data in the European Union must comply with the legislation, which will be transposed into the national laws of each member state. Brexit doesn’t change this reality.
Organisations that commit serious infringements – such as repeatedly failing to seek customer consent to process data – will face fines of up to €20 million or 4% of their worldwide annual revenue, whichever is higher.
But despite the alarmist tone about GDPR coming from opportunist salespeople, the best advice for many organisations is to keep calm and carry on. Most organisations are already dealing...