The entry into force of the new Personal Data Protection Regulation on May 25th, 2018 is already perceived as one of the major critical events of the next year. It will be “Day – O”, with apocalyptic effects for many companies that will not have the resources and time to become GDPR compliant?
Do you remember “2000 Year Virus” or “Millennium Problem”? It was a tremendous strategic move to upgrade infrastructure and computer equipment based on a technological challenge of expanding the number of digits. In January 2000 1st, there was very few downtime in some legacy computing systems with minor losses, but everyone gained through the boom of investments in new equipment and infrastructure…
For many organisations, the new EU regulation 2016/679 comes with the force of an unprecedented change. It seems to have a much greater disturbing effect than the digital wave. GDPR genesis was not easy. Considered as an absolutely necessary update of Directive 95/46 / EC, GDPR consolidated after 4 years of debate and 3000 amendments. Over 80 new requirements have emerged from the old directive. Many companies will have to make radical changes in business models. Some analysts say we will have to radically rethink the current marketing processes. According to the Digital Clarity Group „The GDPR could be a mortal threat to your company’s existence — and it makes fundamental decisions about data collection, processing, and storage into key strategic business issues.”
An essential vector of the new regulation is the worldwide applicability area. Previously there were regional treaties such as “Safe Harbour” that offered US companies the necessary comfort to process customer data in Europe. Safe Harbour’s privacy principles were abolished by the European Court of Justice on October 24, 2015, after a customer complained that their Facebook data was insufficiently protected. GDPR has suddenly become a major challenge for all multinationals.
Other major provisions of the new regulation with possible disruptive effects would be:
Fines – Penalties are overwhelmingly high, with a maximum of 4% of annual global turnover. Note that these provisions apply to both data handlers and processors – which extend the GDPR requirement to hosting companies or Cloud providers as well.
Consent – Companies will no longer be able to use GDPR incompatible contractual terms or hard-to-get clauses. Consent must be clear and free from any taxation, and intelligent request and a solid argumentation of the purpose of the data processing.
Notification of security breaches – becomes mandatory for all member countries of the community. Any incident must be communicated to the reporting authorities within 72 hours of the occurrence of the breach. Processors will also have to notify their customers as soon as it turns out that the security incident has affected their personal data.
Right to access – part of the extended rights of citizens in the new GDPR format refers to their right to require processors or data controllers to confirm the way personal data is processed, where and for what purpose.
Right to be forgotten – also known as “the right to be deleted“, ensures full confidentiality by deleting all personal records, even in situations of data dissemination or potential use by third parties.
Data portability – refers to the right of any citizen to receive personal data in a readable, readable format by any device that can be transmitted at the request of the owner of another data processor.
Privacy by Design – is a long-standing concept that is just now part of the GDPR requirements package. Essentially, it consists of including data protection tools from the very beginning, from designing a computer system.
Data Protection Officers (DPO) – An IAPP study estimates a need of more than 28,000 DP officers across Europe. The holder of this position will be the GDPR compliance trustee and will accumulate legal, operational and IT expertise.
There are also analysts who see GDPR as a business-friendly test. Any company that has made efforts and invested in compliance measures has gone a long way in its digital transformation.
16 thoughts on “The Disruptive Effect of GDPR”