The General Data Protection Regulation (GDPR) enforces strict requirements around Chief Data Officers (CDOs), EU citizen data management, and data permissions—including protocols for dealing with data breaches.
GDPR, the EU’s personal data protection and privacy regulatory ruleset for companies around the world, became active in May 2018. Forrester reported that just four months before the laws went into effect, 11% of organizations were still figuring out what to do about it and 8% of firms had no familiarity with GDPR rules and regulations.
Overview of GDPR
GDPR regulations require all businesses that satisfy the following conditions to employ a CDO:
- Employ over 250 people
- Process or store large amounts of EU citizen personal data
- Process or store special personal data
- Regularly monitor data subjects
- Are a public authority
Beyond requiring CDO employment, GDPR regulations enforce the following restrictions on EU citizen data:
- Right Of Erasure
- Right Of Data Control
- Right Of Data Portability
- Right To Be Informed
- Right To Access Personal Data
- Right Of Correction
- Right To Object
- Rights Related To Automated Decision Making Including Profiling
Each of these rights requires that EU citizens’ data be kept separate and compartmentalized, ensuring the ability to remove it from a database at will.
American consumers have expressed support for GDPR-style laws within the U.S.: specifically, 38% favored the ability to control how their data is used, while 39% favored the “right to be forgotten” rule.
Consequences of Non-compliance
If businesses fail to comply with GDPR regulations, they can be fined 1-4% of annual revenue or up to €10-20 million, whichever is higher. These fines depend on which parts of GDPR were not followed, how many people and how much data were affected, and a slew of other factors.
The cost of GDPR compliance failure is substantial, as is the risk of attempting to ‘fly under the radar’. Anyone within the EU can file a complaint, and a single complaint can set off a chain of unsavory consequences.
Stay Ahead of GDPR Compliance with Ascent
The key to staying current on GDPR is a compliance program that evolves with new regulations. A system with the right fail-safes in place will help ensure that your firm’s obligations are always up to date.
Great technology makes this easier than ever. Ascent provides you with a feed of regulatory changes (including those related to GDPR) that apply to your firm, helps you visualize how the rule text has changed, and indicates whether that change impacts your existing controls, policies and procedures.
Ascent also serves as a central repository for all regulator documents so you can easily search for speeches, guidelines or other releases concerning GDPR, allowing for comprehensive research.