The EU’s New Data Protection Regulations
Something big is coming from Brussels, and it’s going to have a major impact on firms handling the personal data of EU citizens.
The General Data Protection Regulation, GDPR, will take effect on May 25th of this year, and businesses need to take notice. The new EU regulations offer citizens of the Eurozone far more power over how their personal data can be collected, used, and stored, with significant penalties for firms that do not safeguard this data.
Companies doing business within the European Union must meet these new regulations or face being excluded from a market of over 500 million people with a GDP of € 15 trillion (2015).
When an EU resident’s personal data is transferred outside the European Economic Area, special safeguards are implemented which essentially move with the data. There is no escape, and firms around the world will have to meet these EU regulations or give up doing business there.
The EU has given its citizens far greater control of their personal data as privacy is now seen as a fundamental right. For example, firms will have to correct or even remove a person’s data on request as there is now an implied right to be forgotten.
Most worrisome for firms is that individuals can now sue for damages in case of a data breach, and firms have 72 hours to go public in case personal data is hacked. The fines are steep, with a maximum penalty of € 20 million or 4 per cent of annual global turnover.
If your firm processes the personal data of EU residents and outsources IT projects, you had better have an IT partner you can trust. We can advise you.