Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May 2018. Given the changes in compliance requirements that the GDPR entails, it is vital that you use 2017 to audit your current policies and processes and make any necessary changes in readiness for the GDPR.
GDPR: What is going to change?
Among the changes the GDPR introduces are increased rights of individual data subjects, new requirements for data breach notifications and increased sanctions for data breaches. The GDPR also has extra-territorial application, requiring compliance from organisations based outside the EU if they offer goods or services and/or track individuals anywhere in the EU.
Because of the changes the GDPR will implement, it is important that you understand all of the obligations the GDPR will place on your business. The GDPR will affect all organisations with any interests in the EU, so it is not just for Europe-based organisations.
What should you be doing?
In readiness for May 2018, you should be putting a compliance plan in place to ensure any necessary changes to your data policies and processes are completed before the GDPR comes into force. We have created guidance materials to help you plan your path to compliance.