The General Data Protection Regulation (GDPR), codified as Regulation (EU) 2016/679, is a very powerful law on the protection of the data of the half billion people who live in the European Union (EU). It came into effect as a result of the European Commission adopting the proposal for its creation on January 25, 2012, and it will replace Directive 95/46/EC, the data protection directive that has been in use in the EU since 1995.
The GDPR becomes a full-fledged law and is enforceable from 25 May 2018. This follows a two-year transition period from its adoption date of 27 April 2016.
The GDPR doesn’t require members to endorse it
Just how powerful is this regulation? Well, an idea of its overarching potency can be understood from the fact that it becomes law and will be binding from the date of its enforcement without requiring legislative support from any of the EU members.
Rationale for the creation of the GDPR
The GDPR has been created for the purpose of harmonizing and strengthening all the legislative and secretarial bodies of the EU, namely the European Parliament, the Council of the European Union and the European Commission, and to tighten the various fragmented elements concerning data protection for all individuals within the European Union (EU). The GDPR also governs the export of personal data to regions beyond the EU.
It is being created to serve two important purposes:
- Equipping EU citizens with the power to control their personal data
- Smoothening the regulatory environment, synchronizing and unifying all data protection regulations across the EU, and lubricating the process of doing global business within the EU.
What benefits does the new legislation offer?
The GDPR has been legislated to offer many advantages:
- Within the company, Personally Identifiable Information (PII) will be processed with greater ease and clarity
- The security controls in place till now will be unified and strengthened across all the EU members
- Its stronger safeguards for data protection inspire greater customer confidence
- The process of doing business in the EU is now a lot more simplified
What happens when companies fail to comply with the GDPR rules?
The EU mandates strict penalties for companies that fail to comply with the GDPR provisions on data protection:
- They have to pay penalties of between two and four percent of their worldwide revenues
- Fines can go up to €20 million
- The EU laws can initiate serious and expensive lawsuits
- All these mean that companies obviously lose face
These are the reasons for which companies that want to do business in the EU need to have thorough knowledge of this law and the ways in which it applies to them. This is the means to avert the expensive consequences that follow from noncompliance.
Proper understanding of the ways in which the GDPR works
Compliance4All, a leading provider of professional training for all the areas of regulatory compliance, will be offering a clear and thorough understanding of this new legislation at a webinar that it is organizing. Ardi Kolah, Founder of GO DPO®, Co-Director of the GDPR Transition Programme at Henley Business School and one of the leading data protection practitioners in Europe, will be the speaker at this session.
Want to understand how Ardi will bring the varied and rich experience he has gained over the years into this very important topic? Then, please register for this webinar by visiting
Features including a risk-based approach
Ardi will show how important it is for Data Controllers, Joint Data Controllers and Data Processors to address all the points relating to business continuity, risk and technology if they are to achieve the outcomes expected by the Supervisory Authorities and Industry Regulators. He will explain how to use this knowledge to build deeper trust with customers, clients, supporters and employees, and a strong reputation.
The following areas will be covered at this webinar:
- Difference in scope between Directive 95/46/EC and key data protection principles
- Expanding the definition of personal data and special personal data
- Enhanced individual Data Protection Rights
- Key organisational and Personnel Changes
- Mandatory personal data Breach Reporting
- Global personal Data Transfers outside of the EEA and co-operation between Supervisory Authorities
- New financial Penalties and Sanctions
- Member State laws and the GDPR.