Enterprise Culture, with its emphasis on creativity and freedom, and the stringent regulations necessary to safeguard public interest and protect individual rights, often make for an uneasy combination – which is why the latter are often introduced gently, in “bite-sized” increments, over a timescale comfortable and leisurely enough to keep everyone happy.
The General Data Protection Regulation initiative is different. Quite radically so.
(The GDPR is being enacted across all member states as law, with each member state applying the same legislation. This has meant the GDPR is very prescriptive on how, who, when, where and why individuals' personal information is managed.)
First of all, unlike other regulatory initiatives, GDPR is not just another “directive” which simply defines a goal while leaving it up to individual countries to choose their own legislative roadmap on how to reach it.
What this means in practice is that even though it has the potential to affect, at least to some degree, practically every enterprise or organisation on the planet, GDPR does not and never will require individual countries to pass any enabling legislation at national level. When it becomes enforceable from 25 May 2018 after a fast-track transition of just two years, it will be immediately binding and directly applicable.
Second, the scale of GDPR’s repercussions, both personal and corporate, is unprecedented, so much so that it will leave none of us unaffected. With penalties of up to €20 million or a frightening four per cent of global turnover, the cost of choosing contravention over compliance – albeit inadvertently – could be, quite literally, catastrophic.
And the clock is already ticking.
The key changes are:
The eight key privacy principles have been reduced to six. One would think that this weakens the privacy principles; however, the GDPR is granular in detail, and whilst the principles have been reduced, the compliance regime and the addition of new concepts have created three differing processes for effectively managing data.
The GDPR brings additional guidance and definitions to the following:
D Children’s Data
E Definition of Personal Data (special categories of personal data are clearer and broader in GDPR)
G Data Breach Reporting
H Enhanced Rights
I European Data Protection Board
GDPR Academy is dedicated to GDPR and Cyber Security. These go hand-in-hand so you are up-to-date, day-by-day on the latest developments, white papers, laws and timings et al.
GDPR Academy is the only place you’ll find a comprehensive body of knowledge, resources and experts to help you navigate the complex landscape of tomorrow’s GDPR and Cyber Security issues.