How to prepare for the approaching General Data Protection Regulation

The European regulation enforces complex data obligations for companies

The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, and the British government has confirmed it will adopt the legislation while the country remains in the EU.

With less than 18 months to go until implementation, many of them remain entirely unprepared. More than half (54 percent) of organisations have failed to commence any kind of preparation to meet even the minimum standards of GDPR, according to recent research by information management company Veritas.

The regulation enforces complex data obligations for companies that current policy is unlikely to satisfy, and damaging fines for breaches.

What is the GDPR?

The GDPR was adopted by the European Parliament in April 2016 following four painstaking years of deliberation. The provisions reinforce data protection in line with contemporary concerns about personal information, and apply to both EU member states and organisations outside the union when processing the data of citizens within it.

Regulations have been harmonised to ease compliance, with one set of laws applying across all 28 member states. The clarity comes with severe penalties for violations. Breaches could result in a fine of up to 20 million (£17 million) or four percent of worldwide revenue, whichever is higher.

The sweeping legislation presents a range of compliance and operational challenges for British businesses, requiring thorough planning and additional resources.

To continue reading this article register now

The 10 most powerful cybersecurity companies