In May 2018, the EU’s new GDPR ushers in unprecedented levels of data protection for EU residents, backed by fines of €20 million or 4% of global revenue, whichever is higher.
The regulation is a global game changer: no organization storing or processing the personal data of EU residents can afford to be complacent, wherever the organization is based and irrespective of its current privacy maturity level.
When GDPR comes into force, it will introduce a raft of new rights for individuals and principles to facilitate and protect the flow of personal data in the market.
Among the key changes, organizations must prove that they have a robust accountability framework in place for data protection, an ongoing data protection impact assessment and a privacy-by-design approach. The latter ensures that data protection safeguards are built into products and services from the earliest stage of development.
Key rights for individuals include the right to erasure (right to be forgotten), and the requirement for consent to be explicitly given for specific uses and transfer of sensitive data.
As well as the urgency of working towards compliance, there is also the opportunity to take a strategic approach to GDPR. Read our report for more.
Originally published on ey.com
EY Legal Services Contacts:
Fabrice Naftalski – Global Data Protection Law Leader