GDPR comes into effect, are you ready?
On 25 May 2018, the General Data Protection Regulation (GDPR) will come into effect. The regulation affects every organisation that handles personal data, including ERYICA and our member organisations. It replaces the previous regulation from 1995 and unifies data protection across the EU and the European Economic Area.
Privacy, data protection and personal data are key issues nowadays, especially in online environments and the Internet economy. However, all organisations need to examine their processes and make them GDPR-compliant by 25 May 2018 at the latest.
The regulation implies a number of measures, such as obtaining consent for the collection of data, reporting data breaches within 72 hours and operating systems with proper data security protocols. Users of online services will have more rights, such as access to their data, the right to be “forgotten”, and the right to migrate their data to another service provider if they decide to do so. Data of young people under the age of 18 enjoy special protection in certain cases – something to keep in mind in our field!
Non-compliance with the regulation can result in hefty fines. In the case of serious infringements, these can amount to 4% of total global annual turnover or 20 million euros, whichever is higher.
Ideally, your organisation should already be ready for the changes, but if that is not the case, a good first step is to contact your national data regulation authority. GDPR is a complex topic, and even if you have the basics, your legal team will need to go through the legislation in detail. However, despite these difficulties, the new law is a tool to better protect your users, beneficiaries and partners, and to improve your own internal data handling procedures.
In line with the new regulations, you will receive an email from ERYICA shortly with information about your subscription to the newsletter. Please read it carefully. We hope you will keep reading our quarterly news.