According to our first EU General Data Protection Regulation (GDPR) Report, 68% of respondents haven’t updated their processes to comply with the Regulation’s new data subject rights.
On a more positive note, 63% of respondents have updated their data protection policy in the past six months or are currently in the process of doing so.
The report surveyed 250 of our clients and is intended to give practitioners and senior management insight into how organisations are progressing with GDPR compliance, the challenges they face and the measures they are adopting.
New rights under the GDPR
The Regulation extends a number of existing individuals’ rights and creates three new ones: the ‘right to be forgotten’, the ‘right to restriction of processing’ and the ‘right to data portability’. The Information Commissioner’s Office (ICO) provides a comprehensive explanation of data subject rights under the GDPR.
Organisations that haven’t yet updated their processes to comply with the GDPR have until 25 May 2018 to do so. This means that the majority of the respondents to our survey have less than a year to address this issue, or they could face substantial penalties. Any organisation that fails to comply with the Regulation is subject to a fine of up to €20 million (about £17.5 million) or 4% of its annual global turnover – whichever is greater.
To help enforce these rules, the ICO has said that it will recruit 200 new investigators, lawyers, analysts and policy advisors. Speaking to a House of Lords committee, Information Commissioner Elizabeth Denham said: “With the coming of the [GDPR] we will have more responsibilities, we will have new enforcement powers. So we are putting in new measures to be able to address our new regulatory powers.”
How to comply with the GDPR
Since early 2016, IT Governance has continually worked to raise client awareness of the GDPR through free resources, webinars, blogs, training courses, books and other avenues. You can compare your organisation’s GDPR preparations with our average client by downloading our free GDPR Report.
For in-depth guidance on the changes your organisation needs to make to comply with the GDPR, you should read EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide. It covers:
- How to set out the obligations of data controllers and processors
- What to do with international data transfers
- Data subjects’ rights and consent
- The role of the data protection officer (DPO)
The guide also provides detailed commentary on the GDPR, explains the changes you need to make to your data protection and information security regimes, and tells you exactly what you need to do to avoid severe financial penalties.