15-09-17

GDPR is a new data protection law in the EU that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It harmonizes the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to €20.000.000 or 4% of worldwide turnover (whichever is higher). The regulation becomes enforceable from 25 May 2018.

The GDPR regulates the “processing” of personal data about EU individuals, which includes the collection, storage, transfer or use of that data. Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU.

The GDPR provides more privacy rights to EU individuals and places significant obligations on organizations. Some of the key changes are:

Extended rights for (EU) individuals:

  • Deletion (right to be forgotten)
  • Data Portability
  • Consent

For organisations:

  • Data Protection by design & by default
  • Need to appoint a Data Protection Officer
  • Mandatory Data Breach notification within 72 hours

Will your organisation be impacted?

In short, yes! Depending on the size of your organisation and what type of data you collect or store, different parts of the regulation apply. For example, companies with more than 250 employees need to document why people’s information is being collected and processed, what information is held, how long it is kept for and what technical security measures are in place.

What are the benefits of GDPR?

That’s a hard one to answer. As an individual living in the EU, you will be better protected and have consistent legislation across all EU member states. For companies, it means more work, better processes and probably a higher focus on security. With fines of up to €20 Million or 4% of global revenue, it is serious enough. Data privacy will now, more than ever, be a boardroom issue. Although the 25th of May is still a little bit away, the deadline for implementation is approaching fast… start planning your preparations!

Wondering where to start? Try the “EU Privacy Law Basics” Trailhead module for Salesforce.