EU Regulations 2018: getting ready for a change
As we enter an era of accelerated digital transformation, many current practices for processing personal data have become obsolete and incapable of addressing the new gaps in cyber security. However, this is about to change, as companies around the globe are preparing for the newest EU regulations.
The implementation of the long-awaited General Data Protection Regulation in 2018 is considered the most important change in data privacy in the last 20 years. But before it becomes effective in May 2018, it is important to ensure a clear understanding of its goals and implications:
What is the GDPR and who is affected by it?
The General Data Protection Regulation went through 4 years of evaluation and preparation before being approved by the European Parliament. It was designed to replace the outdated Data Protection Directive adopted in 1995, and it will come into force on 25 May 2018.
The GDPR aims to set a new standard for the unification of data protection practices across the European Union, as well as to simplify the regulatory environment for international business. It will affect all companies that process the personal data of EU citizens, regardless of where in the world those companies are located.
What are the main objectives of the General Data Protection Regulation?
During the last few years, there has been increasing public concern over privacy. Since the current EU regulations for handling personal data were designed 23 years ago, digital companies have been collecting, storing, and exchanging user information in numerous controversial ways, exposing it to cybersecurity risks and violating citizens’ right to privacy.
By addressing these issues, the GDPR aims to:
- Give control back to European citizens over their personal data;
- Unify security regulations for all members of the European Union with the purpose of facilitating international business;
- Strengthen cybersecurity infrastructure and reduce the risk for breaches;
- Provide transparency regarding the collection and use of personal data.
What types of personal data are protected by the GDPR?
Generally speaking, the EU regulation protects any data that allows a specific person to be identified, such as basic identity data (name, address, ID numbers), web data (IP address, location, cookie data), health and genetic information, biometrics, sexual preference and orientation, racial or ethnic data, and even political opinions.
Some implications concerning the upcoming EU regulation
Under the new European legislation, companies that don’t meet the requirements for the privacy of personal data may face fines of up to 20 million EUR, or 4% of the global annual turnover. The precise amount of the fine will depend on factors such as the severity of the infringement, the actions that have been taken to mitigate the damage, and the category of the affected data, among others.
As 2018 will be the year of adopting various EU regulations in the area of cyber security, companies that fail to comply risk facing penalties of this kind.
Additionally, the GDPR introduces a new role, the Data Protection Officer (DPO), who will be in charge of ensuring the correct implementation of the established security practices.
What are some of the myths and confusions associated with the regulation?
The amount of heterogeneous information concerning the new regulation continues to spark confusion among companies. Just a few months before it becomes effective, we still encounter the belief that the GDPR only concerns European countries, or that it is a one-time event.
However, neither of these holds true: as we already mentioned, the new EU regulation concerns every company that handles the data of European citizens, and compliance is an ongoing process. Find out what other common misunderstandings keep people confused in our article GDPR EU: 7 common myths debunked.
Complying with GDPR: third-party providers
Meeting all the requirements concerning the privacy of personal data can be a slow and extremely expensive process. For this reason, a lot of companies partner with third-party providers to ensure the correct implementation of security practices without spending a fortune.
CWS is a GDPR-compliant provider of flexible, cloud-based services for enterprises and SMBs. Our call recording solution Recordia and our virtual fax service eComFax comply perfectly with the requirements of the new regulation, due to:
- The encryption (anonymization of data);
- The custody of data in a secure environment powered by cloud technology;
- The complete access and traceability of information;
- The right to be forgotten (right to erasure), allowing customers to regain control over their personal information at any time;
- The right to portability: personal data can be delivered to the customer upon request;
- Compliance with Spain’s ENS (Esquema Nacional de Seguridad, the National Security Scheme), guaranteeing the highest security standards.