It is the first in a series of documents to help alleviate concerns and facilitate a smooth transition to future data privacy standards.
There is even an easy-to-follow 12 step infographic to help you achieve compliance.
GDPR comes into force on 25th May 2018. Some elements of GDPR will be more relevant to certain organisations than others but in general the new directive means that financial services companies must:
- Understand where all data resides and ensure it is protected
- Appoint a data controller
- Carry out risk assessments
- Notify authorities within 72 hrs of a breach
- Implement appropriate systems to minimise risk
- Implement full data protection
The potential risks to organisations for non-compliance include fines of up to €20m or 4% of global turnover – whichever is greater.
If you are compliant with current law, then most of that should remain valid under the GDPR. However, there are new elements and enhancements which will need to be considered by all organisations involved in processing personal data.
It is important to note that the GDPR makes it easier for individuals to bring private claims against data controllers when their data privacy has been infringed. It also allows them to sue for compensation.
The DPC states in the guide:
“It is essential that all organisations immediately start preparing for the implementation of GDPR by carrying out a “review and enhance” analysis of all current or envisaged processing in line with GDPR.”
The DPC encourage companies to start the process soon as it will be more cost-effective.
Download the guidance note via the Data Protection website.
By Trilogy Technologies.
