The European Union’s General Data Protection Regulation (GDPR), enacted in 2018, has effectively replaced the 1995 Data Protection Directive. It includes a number of key changes that address modern data-driven environments. To comply, organisations must develop specific processes governing internal records and data breach notifications; appoint a Data Protection Officer; allow individuals to access and control what personal data is collected and how it is used; and more. Under the GDPR’s new territorial scope, the regulation applies to many organisations that sell goods or services within the EU, regardless of where their businesses are located.
New GDPR requirements have created major concerns for data privacy professionals and others working in Governance, Risk, and Compliance (GRC). Organisations that fall under the GDPR must embed privacy-by-design concepts across the enterprise, including their product lifecycle, vendor management, and human resources. Among a number of other requirements the GDPR introduces, individuals must be notified of personal data breaches within 72 hours. Failure to comply with GDPR requirements can result in fines of up to 4% of an organisation’s global annual revenue, or up to €20 million, whichever is greater.