The GDPR replaces the EU Data Protection Directive and introduces stricter regulations around personal data processing and privacy. It applies to all companies that handle the personal data of EU residents, regardless of the company's location. Under the GDPR, companies face heavier obligations like obtaining consent to collect personal data, appointing a data protection officer, implementing security measures, notifying about data breaches, and heavy fines for noncompliance. It also expands individuals' privacy rights regarding their personal data.
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Be careful what you wish for! How the GDPR even now it has been finalised may not solve the key problems of rthe tech community of what is personal data and what is anonymised/pseudonymous.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
EU General Data Protection Regulation - Update 2017Cliff Ashcroft
This free Lasa webinar looks at why data protection is important in a digital world, and what practical things charities and civil society organisations can do to prepare for when the EU General Data Protection Regulations come into force in May 2018.
It is vital charities use the next 12 months to understand their new responsibilities and put the required processes in place.
Our webinar gives you the opportunity to ensure you are prepared for what’s to come by putting your #GDPR questions to our data protection expert and published author, Paul Ticher.
Lasa does lots more charity tech help and advice - find out more at: Twitter: @lasaict
Acknowledgements:
Lasa actively promotes and supports the Way Ahead – Civil Society at the Heart of London. See www.citybridgetrust.org.uk/publications/way-ahead/
This webinar is supported by the City of London Corporation's charity, City Bridge Trust. www.citybridgetrust.org.uk
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
GDPR The New Data Protection Law coming into effect May 2018. What does it mean for hospitals?
Anthe Papageorgiou, Compliance Officer & Data Protection Officer at Henry Dunant Hospital Center
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
An overview of the principles of GDPR and some tips to implement it in your organization. I would be more than happy to share my views with stakeholders in your company.
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
On 14/4/2016 EU Data Privacy had been approved the regulation which is, nowadays, mandatory. However companies have 2 years to carry out its suitability before receiving an economic penalty for not having completed it - deadline: 25/05/2016
Be careful what you wish for! How the GDPR even now it has been finalised may not solve the key problems of rthe tech community of what is personal data and what is anonymised/pseudonymous.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
EU General Data Protection Regulation - Update 2017Cliff Ashcroft
This free Lasa webinar looks at why data protection is important in a digital world, and what practical things charities and civil society organisations can do to prepare for when the EU General Data Protection Regulations come into force in May 2018.
It is vital charities use the next 12 months to understand their new responsibilities and put the required processes in place.
Our webinar gives you the opportunity to ensure you are prepared for what’s to come by putting your #GDPR questions to our data protection expert and published author, Paul Ticher.
Lasa does lots more charity tech help and advice - find out more at: Twitter: @lasaict
Acknowledgements:
Lasa actively promotes and supports the Way Ahead – Civil Society at the Heart of London. See www.citybridgetrust.org.uk/publications/way-ahead/
This webinar is supported by the City of London Corporation's charity, City Bridge Trust. www.citybridgetrust.org.uk
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
GDPR The New Data Protection Law coming into effect May 2018. What does it mean for hospitals?
Anthe Papageorgiou, Compliance Officer & Data Protection Officer at Henry Dunant Hospital Center
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
An overview of the principles of GDPR and some tips to implement it in your organization. I would be more than happy to share my views with stakeholders in your company.
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
On 14/4/2016 EU Data Privacy had been approved the regulation which is, nowadays, mandatory. However companies have 2 years to carry out its suitability before receiving an economic penalty for not having completed it - deadline: 25/05/2016
Nessy Learnings Salesforce Marketing Automation Case StudyDesynit
John Dorman presented this case study at Bristol Salesforce User Group, 14 April 2016: How marketing automation transformed Nessy in to an international success story.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Data breaches
- Notification rules
- Supervisory authorities
- EU Data Protection Board
View the webinar here: https://www.youtube.com/watch?v=eww0D_y6Hfo
What is GDPR and why does it matter to me? Desynit
An introduction to the most radical changes to data protection in the last 10 years. Stephan Chandler-Garcia from Digital Catapult gives you an overview of the General Data Protection Regulation and how you can stay ahead of the curve as a Salesforce user. We will be looking at new ways of thinking about your customers data and new ways of managing consent.
GDPR and its impact on digital communications | Digital trends seminar | 23 M...CharityComms
Vee Rogacheva, digital and UX specialist, Eduserv
Visit the CharityComms website to view slides from past events, see what events we have coming up and to check out what else we do: www.charitycomms.org.uk
“The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way that organisations handle, protect and use the personal data of EU individuals.
Organisations of all sizes, across all industries, and geographies that process personal data of EU residents need to take steps now to comply with the new EU General Data Protection Regulation by 2018, to satisfy management fiduciary duties
and avoid potentially costly penalties.”
The Evolution of Data Privacy: 3 things you didn’t knowSymantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
Cognizant business consulting the impacts of gdpraudrey miguel
In May 2018, GDPR (Global Data Protection Regulation) will come into force in Europe. Conventional wisdom is that GDPR will cause significant legal changes for many organizations and result in yet another regulatory-driven upheaval in technology. But is this an accurate assessment of the likely impact?
6 Lesson GDPR Booklet from Varonis to help stay get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
The European Union will introduce the new General Data Protection Regulation for implementation May 2018. This makes it a legal requirement on all businesses owners to comply with the new regulations or face heavy fines. This will still apply to UK companies after Brexit.
Operational impact of gdpr finance industries in the caribbeanEquiGov Institute
A brief outline of the challenges that could be face by financial institutions with the implementation of the GDPR and recommendations to mitigate them
In general, the GDPR applies to any business that processes personal data by automated or manual processing
A strategic approach is introduced to regulating personal data and the normative foundations of the European Unions General Data Protection Regulation (GDPR)
Existing Requirements imposed by the 1995 Data Protection Directive are refined.
It does this by establishing a uniform framework for data protection legislation across the EU
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docxjeanettehully
Running Head: THE IMPACT OF GDPR ON GLOBAL IT POLICIES 1
THE IMPACT OF GDPR ON GLOBAL IT POLICIES 3
THE IMPACT OF GDPR ON GLOBAL IT POLICIES
Abstract
The General Regulation of the EU on Data Protection (GDPR) provides essential safeguards in the field of privacy, which offer new challenges and potential opportunities for organizations worldwide. However, worldwide organizations must make GDPR compliance changes to minimize GDPR liability. This editorial preface discusses the benefits and threats of the effect of GDPR on global technology growth. We also speak about how China and the US, the two world economic giants, could respond more effectively to GDPR threats and possibilities.
Introduction
The GDPR, which became law on May 25, 2018, is a data protection law that establishes rules on the collection, storage, and management of data of persons living in the European Union (EU, 2016). This legislation applies to all individuals residing in the EU. To satisfy the new demands on privacy raised by digital technology advancement, the new law increases EU data protection. Although the GDPR also covers EU citizens, it has a global impact that impacts every EU business entity that provides services or keeps data regarding EU nationals, which are personally identifiable.
GDPR offers users with a broad degree of control to be overlooked, including the right to withdraw permission. In the same period, the information controllers and processors, including data protection, are required to record all their processing activities by the layout and by necessity. GDPR notes that businesses must seek the customer's permission for data collection and ' implementing successful technological and functional measures ' to protect personal data for EU citizens. (Kaushik et al. 2018).
In May 2018, the European Union adopted a General Data Protection Regulation, which drew a specific conclusion regarding the worlds most detailed and common law on data security, with substantial and unexpected consequences on multinationals. In the months before it began, both inside and outside of Europe, businesses failed to adhere. However, as many as 80% of the firms concerned were still short of this goal on the eve of enforcement.
A year on, businesses continue to work to achieve full conformity with their newly founded regulations. The government will be more confident. Data processing and the processing of complaints in most European countries have doubled, although businesses of all sizes develop violations and associated penalties practices and processes.
The non-conformity to GDPR was held accountable by organizations that process data belonging to EU citizens. GDPR offers a new obstacle, as well as potentially stricter security measures, protocols, and procedures to protect, handle and maintain your data and ensure compliance with GDPR, technology firms, and providers of cloud services, data centers, and advertisers. Afterward, we were probably subjected to s ...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation is designed to update the current legislation which was drafted in a time that was in technology terms, prehistoric.
The Data Protection Directive, drafted back in 1995, harks back to a time when data processing was more about filing
cabinets than data rack enclosures. It’s time to evolve.
2. The European Union (“EU”) and the United States
have very different regimens for protecting person-
al information. The United States uses a patchwork
of privacy laws including the Health Insurance Por-
tability and Accountability Act (“HIPAA”) for protect-
ed health information, Financial Credit Reporting Act
(“FCRA”) for credit reports, and
many more. In contrast, the EU
considers privacy a fundamental
right and uses the Data Protection
Directive (“Directive”) to regulate
the processing of personal data
across Europe. True to character,
European regulators recently ap-
proved a comprehensive privacy
regulation which will take effect
in 2018. The regulation applies
to all foreign companies process-
ing EU personal data so American
and Canadian companies should
make certain their compliance
programs are EU relevant.
GDPR Replaces EU Directive
In the works since 2012,
the General Data Protection
Regulation (“GDPR”) was adopted on April 14, 2016,
and is scheduled to go into force on May 25, 2018.
GDPR replaces and expands the Data Protection
Directive by centralizing powers that were previously
reserved to EU member states.1
Under the Directive,
EU member states are allowed to pass laws to
supplement the Directive, resulting in many states
having different personal data laws. GDPR aims to
harmonize Europe’s privacy laws and also restricts
the ability of member states to pass their own data
protection laws in the future.
GDPR Applies to Many
American and Canadian
Companies
Within the EU, businesses that
collect individuals’ personal data
are called “data controllers” and
any use of personal data is called
“processing.” Data controllers
may use “data processors” such
as cloud service providers or bill-
ing companies to handle personal
data. The individuals about whom
data is collected are called “data
subjects.” Historically, the Direc-
tive only applied to controllers of
personal data. However, the GD-
PR’s expanded jurisdiction applies
to the processing of personal data
of all EU residents, even if the controller or processer
is located outside of the EU.2
This means that Ameri-
can and Canadian companies that sell goods and ser-
vices to EU residents will be subject to the GDPR.
American
and Canadian
companies that
sell goods and
services to EU
residents will be
subject to the
GDPR.
EU DATA PROTECTION BASICS
“
”
3. Below are some key areas for organizations to con-
sider when aligning their compliance environment to
the GDPR requirements:
New Obligations in the Data Ecosystem
Companies will be required to obtain unambiguous
consent when collecting EU personal data. For web-
sites, this will require the checking of a box or other
technical configurations to clearly indicate the data
subject’s acceptance of the terms of processing.
Companies must also build in new personal data pro-
tections in the form of identity-masking techniques
such as “pseudonymization,” which makes individ-
ual identification more difficult. Employees should
be trained in these practices, and companies must
regularly audit the data they maintain and document
the reasons for its collection. Additionally, all uses of
high risk data will be subject to a privacy impact as-
sessment to account for the risks of processing and
to identify potential safeguards.
Requirements for a Data Protection Officer
Companies that currently monitor data subjects us-
ing targeted online advertisements or customer loy-
alty programs will be required to appoint a Data Pro-
tection Officer (“DPO”). One study suggests this new
requirement will result in up to 28,000 new DPOs in
Europe alone.3
American and Canadian businesses
with no physical presence in the EU may also be re-
quired to appoint a DPO if they monitor personal data
from EU employees or customers.
Increased Security Requirements
Data controllers and processors will have increased
security responsibilities when storing or processing
personal data. GDPR requires that both data control-
lers and data processors take security measures pro-
portional to the risks of processing and the types of
information involved. In the event of a data breach,
companies will be required to inform privacy regula-
tors within 72 hours upon discovery and notify data
subjects “without undue delay.”
Possibility of Multi-Million-Euro Fines
Violators of EU data privacy law, including American
and Canadian companies, will be subject to potential
fines of up to 4% of annual revenues or € 20 million,
whichever is higher. Because this scales with the size
of a company, larger companies could face massive
fines – potentially millions of Euros.
Expanded Individual Rights
Individuals also gain rights: the right to be forgotten
and the right to data portability. The right to be for-
gotten allows an individual to request that a corpo-
ration delete that individual’s information once its
retention can no longer be legally justified. Under
the right to data portability, individuals may request
a copy of all automated data which a company pos-
sesses about them. This data must also be delivered
in an easily transferable format which could be an ar-
duous and expensive task for some companies.
KEY TAKEAWAYS OF GDPR
Larger companies could face massive
fines - potentially millions of Euros.
“
”
4. In the Next Installment
In the next segment of our GDPR series, we discuss the new mandatory obligation for organizations that
process personal data to appoint a data protection officer (“DPO”). Under the new framework, the DPO will be
accountable for monitoring an organization’s compliance with GDPR as well as reporting on privacy-related
issues. Be sure to check back for an in-depth analysis about the function of a DPO as well as which business-
es and industries will be affected.
The Authors
Part 1 of Sunera’s GDPR: A New Data Protection Landscape series was written by:
Erica Walker, JD, CIPP/US | ewalker@sunera.com
Eric Roth, JD, CIPP/US | eroth@sunera.com
Evan Nagler, JD, CIPP/US | enagler@sunera.com
About Sunera
Sunera’s Data Privacy team has developed and implemented privacy programs for some of the nation’s larg-
est and most complex organizations. Our privacy professionals have expertise in a number of privacy regula-
tions and frameworks, including internatonal privacy laws, U.S. state regulations, HIPAA, HITECH, GLBA, and
NIST. Most of our privacy experts are Certified Information Privacy Professionals (CIPPs) and Certified Infor-
mation Systems Auditors (CISAs), and a number of Sunera’s experts are Juris Doctors, who have previously
worked in privacy law, assisting clients with their compliance with local and international privacy laws. Our
privacy team is actively involved in the data privacy community, presenting on key privacy issues at leading
security and privacy conferences and contributing to privacy thought leadership.
For more information about GDPR compliance, or any of Sunera’s other services, please contact:
Eric Dieterich, Data Privacy Practice Leader
786.390.1490
edieterich@sunera.com
sunera.com
Disclaimer: Sunera LLC is not a law firm and does not provide legal advice. This document is intended for informational purposes only.
1
95/46/EC
2
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52016PC0214&from=EN
3
https://iapp.org/news/a/study-at-least-28000-dpos-needed-to-meet-gdpr-requirements/