The draft EU General Data Protection Regulation is now two years in the making, and has undergone more than 3,000 revisions since the EU Commission first proposed a single, harmonised privacy law for the EU in January 2012.
The draft Regulation introduces important changes to EU data protection law that will have a significant impact on companies doing business in the EU.
The Regulation proposes certain controversial requirements, such as fines of up to €100 million or 2 – 5% of annual worldwide turnover (whichever is greater).
A ‘trilogue’ involving the EU Council, Parliament and Commission is now underway, with the aim of finalising the Regulation by early 2016. Adoption is expected by 2017 or 2018.
Tell us what you think about the contents of the draft Regulation
We are running a short survey to find out what organisations are doing to start preparing for the far-reaching changes to data protection in Europe and beyond. All respondents will receive a copy of the resulting Data Protection Report.
A brief recap
To recap, below are some of the key changes that companies can expect from the Regulation once it comes into force. You can read more about these changes here.
- The definition of personal data will become broader, bringing more data into the regulated perimeter
- Rules for obtaining valid consent will change
- The appointment of a data protection officer (DPO) may be mandatory
- The introduction of mandatory privacy risk impact assessments
- The introduction of data breach notification regulations and changes in liability will have a profound impact on the supply chain
- The right to be forgotten
- The international transfer of data
- Data portability
- Privacy by design
- Non-EU controllers (and possibly non-EU processors) that do business in the EU should prepare to comply with the Regulation.
Step up your compliance drive now
ISO 27001 offers a framework for the implementation of an information security management system that protects, manages and maintains information and data security. ISO 27001, alongside its code of practice, ISO 27002, sets out the technical specifications of an information security management system (ISMS). An ISMS is “a systematic approach for managing and improving an organisation’s information security to achieve business objectives.”
Our unique blend of expertly developed ISO 27001 tools, consultancy and resources can be applied to help organisations of any size to implement secure information systems and processes.