On 25th May 2018 the General Data Protection Regulation came into force, revolutionising the way that personal data are used and handled. Controllers and processors of personal data need to adhere to the new regulation in order to be compliant. PwC can help.
If you are an organisation processing personal data in Europe, targeting Europe with goods and services, or monitoring the activities of European citizens online, you will need to comply with the GDPR.
The GDPR is the largest development in data protection legislation since the European Data Protection Directive in 1995. It will require wide-scale privacy changes in all regulated organisations, and regulators will gain unprecedented powers to impose fines. Nevertheless, the GDPR also represents an opportunity to:
It is essential that organisations are able to demonstrate to regulators that they have robust plans in place to comply.
Stewart Room, Joint Global Head of Data Protection and Global Legal Services leader, PwC UK, discusses the General Data Protection Regulation (GDPR) and its impacts for both entities and citizens.
The regulatory imperative of GDPR creates some very specific issues. These changes include
Under the right to erasure (the right to be forgotten), individuals will have the right to ask organisations to delete their personal data in certain circumstances.
In certain circumstances, individuals can request to transfer their personal data from your organisation to a third party. The transferred data must be sent in a structured, machine-readable format to the third party, so organisations should begin thinking about technical implications of data portability.
If you have a data breach, you will have 72 hours to report it. Fines for non-compliance with the GDPR could be up to 2% of global annual turnover.