Finally, the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) is coming. Following a long-lasting process of negotiations, two months ago the European legislator proposed the new privacy framework for Europe – and anyone doing business in Europe.
So, how much time is left for your business to comply with the new rules? Maybe less than you think:
The clock is already ticking, and it runs fast. Failing to meet the deadline and to bring your compliance in line with the law may lead to significant fines, up to 4% of your total worldwide turnover (or up to 20 Million EUR, whichever is higher).
Now that we are clear on the fines and the deadline, the question remains what to do in the meantime. I do not want to bother you with the legal details, but rather give you the big picture of the next steps to take.
The main message is: Start now.
Why start now?
This one is easy to answer. Many requirements of the GDPR, like privacy by design and privacy by default, are technical requirements which may have an impact on your developer roadmaps. So, if you start late, your tech guys will likely struggle to build those additional tweaks into your products in time. In addition, budget planning for the next fiscal year will take place in September at the latest, and you should already have a rough idea of what you need – and it would be nice to let other departments know that they have to spend some money on your GDPR project as well.
Where do I start?
Let me answer this question with a counter-question: Where are you in terms of compliance? Have the last years been busy with expanding your business to Europe, the Middle East and South-East Asia? No time to review everything in terms of privacy and data protection compliance? If you are still nodding, buckle up and start right away to get an overview of anything that is going on ...