The wait is over. The period for becoming compliant has finished and the General Data Protection Regulation (GDPR) is now in full effect.
Organisations across Europe have had 2 years in which to prepare for the updated data protection laws and must now ensure that compliance is ongoing. The regulation has updated legislation that was two decades old, creating data protection laws that are modernised and better suited to how technology is now used daily.
While businesses, schools, charities and all other organisations have had the task of becoming compliant, the regulation affects all European citizens. Data subjects, the people whom data is about, have increased rights under the GDPR, meaning that organisations must protect their data better and give them more access to and more control over that data. Find out about key changes under the GDPR here.
With just two days to go, the UK Data Protection Act (2018) received royal assent, ensuring that UK law and European law on the GDPR will be in full effect from Friday, May 25th, 2018. Across Europe, member states of the European Union will also have passed the GDPR into state law.
Regulatory authorities such as the Information Commissioner’s Office (ICO) will now face the task of monitoring and enforcing the regulation. This will likely mean an increased workload in the short term, with organisations having a legal requirement to report all breaches. In the longer term, the number of breaches reported should decrease as the number of breaches falls due to improved data protection processes.
In addition to complying on an ongoing basis, organisations face the challenge of being able to demonstrate compliance across different areas of the regulation. As part of the increased subject rights under the GDPR, data subjects can submit access requests, requests for erasure and requests for copies of their data. Organisations will need to have processes in place for dealing with these requests. If a request, such as an erasure request, is rejected for any reason, there must be legal grounds for the refusal, and a process to prove this must exist.
The reality of being able to demonstrate compliance can be tricky. Organisations store and process data in many different locations and for many different purposes. This can make it difficult to identify data, take copies of it and share it securely to meet compliance needs. Data protection and compliance tools, such as GDPR365, can assist with this. Learn more about demonstrating compliance with GDPR365.
With 20 years’ experience in helping organisations protect and manage data in line with data protection laws, Redstor has spent 2 years independently researching the GDPR in order to assist and advise customers and partners on how to comply. Download the ‘Ongoing compliance’ whitepaper now.