Newsletter | Volume 1


The Timeline & Milestones for EU General Data Protection Regulation (GDPR)

Companies throughout the EU will face significant challenges in handling personal data when the General Data Protection Regulation (GDPR) goes live. The GDPR will apply directly in every member state and will bring dramatic changes to how personal data is collected, stored, accessed, disclosed and used from 2018.

The existing EU data protection regime is based on the 1995 Data Protection Directive (95/46/EC). The law needs to reflect the significant advances in information technology over the past 20 years: fundamental changes in IT communication, data sharing, and new IT, data and cyber developments. Under the GDPR, the various EU member states cannot adopt divergent approaches to implementing the Regulation, so there will be uniformity between member states.

The GDPR is a harmonised data protection law
The GDPR can create IT governance and compliance difficulties for many businesses, starting with recognising the challenges it poses. Although the GDPR is not likely to be enforceable before 2018, there will be a number of time constraints due to the scope and magnitude of the entire project.

We suggest that all EU companies begin with a workshop to determine their strategy and an assessment to identify the obvious gaps before rolling out the GDPR compliance process. On 25th August 2016, at the annual IT Security Day, we will provide guidance on the impact of the GDPR on businesses and on what they should be doing right now to avoid major IT, data and reputational problems.

Obligations to respond in the event of a data breach
The regulation requires organisations with 250 employees or more to have a Data Protection Officer, responsible for ensuring compliance. The most extreme consequence is that companies can be fined up to €100 million or between two and five percent of their global turnover in the event of a breach of personal data. Companies are also required to inform authorities of a data breach within 72 hours and to inform affected users without any delay.

The GDPR security and data protection policies require entirely new roles and responsibilities to address the security of data and information systems within the organisation, and to proactively monitor networks and identify potential security threats in real time.

Preparation for the new legislation is essential. Implementing the General Data Protection Regulation will require a review of the current organisational setup, potential system upgrades, process changes, and new implementation guidelines for all stakeholders, with a timeline and thresholds for IT governance and compliance.

High on the corporate IT strategic agenda. The liability, penalties, lawsuits and possible reputational damage in the event of a breach or non-compliance make GDPR data protection a boardroom issue. Boards of Directors in most organisations now seriously consider how to ensure compliance with the GDPR, cyber security and data security requirements, and the topic ranks high on the strategic agenda.

To learn more about implementation and preparedness, attend the IT and Cyber Security Day at the Technical University of Denmark on 25th August 2016. Register today: http://www.riskability.org/2016/it-security/register.htm