Top 3 Legal Concerns with General Data Protection Regulation
Businesses anywhere in the world are required to protect the privacy and data of EU citizens when they do business with or concerning those citizens, and GDPR consulting can help with that.
The third biennial Ernst & Young Global Forensic Data Analytics Survey, published in 2018, reports that 33% of respondents have an established plan for GDPR compliance and 39% are not aware of the GDPR at all.
According to Ernst & Young, however, businesses based in Europe are far more aware of the rules and far better prepared to protect EU citizens’ data. The survey states that 60% of European companies have a proper plan in place. Other regions of the world lag well behind: the Middle East and Africa are at 27% awareness, the Americas at 13%, and Asia Pacific at 12%.
The paramount principle of the GDPR is that personal data belongs to the person, not to the processors or controllers of that data. This applies to every EU citizen, wherever they are and wherever the organization handling their data is located. Companies have been on notice since 2016, and they now have under three months until they must comply with the new set of data protection rules. Many companies have found this a big challenge because of the sheer volume of data they collect.
First, an organization has to track all of its data from collection to disposal, and then make sure that at every step in between the data is stored and managed in accordance with the criteria. Notably, the survey respondents also said that data protection and privacy risks are a major concern for them as their risk profiles expand.
Below are the top three legal concerns companies have about their GDPR compliance.
Big Sanctions and Fines
Regulators have three ways to handle non-compliance:
- Issue a warning
- Impose a defined ban on personal data processing
- Levy a fine of up to 20 million EUR or 4% of total worldwide turnover
Which of these applies depends on the specific case and its surrounding circumstances. The expectation behind these provisions is that the cost of both violations and compliance can eventually be reduced.
The GDPR focuses on transparency, governance, and accountability to reduce the risk of breaches and protect personal data. It does this by imposing new responsibilities on companies and organizations: under the new rules, companies are required to test, maintain, and adapt their data protection practices, and then demonstrate those practices to the regulators.
A Specific Process
Most of the new requirements call for a specific process to be carried out. The intention is that these measures help formalize and structure specific areas, which makes following the rules easier.
The specific measures the GDPR imposes are listed below.
- Appoint a Data Protection Officer
- Keep internal records of data protection activities
- Notify the regulator of any data breach within 72 hours