The European General Data Protection Regulation (GDPR) was proposed on January 25, 2012 because the existing EU Data Protection Directive did not sufficiently address the important aspects of data protection in a rapidly changing environment shaped by globalization, social networks, and cloud computing. The European Commission therefore determined that new rules for data protection and privacy were required and proposed the GDPR as a comprehensive reform of the Data Protection Act of 1998.
The single data protection regulation was adopted in April 2016 and, after a two year transition period, takes effect on May 25, 2018. Because it is a regulation rather than a directive, it applies directly in every EU country without requiring any additional legislation by the member states. The GDPR extends the scope of the Data Protection Directive from government agencies to all companies. Employee data is excluded from the GDPR and remains subject to the regulations of the individual countries.
There will also be a single Data Protection Authority (DPA) responsible for each company, determined by where the company is based. A European Data Protection Board will coordinate the DPAs.
The key elements of the GDPR include the creation of a single set of rules, increased enforcement powers including higher potential fines, a duty on organizations to report breaches within 24 hours, and provisions giving people easier access to and more control over their personal data, including a "right to be forgotten" and the introduction of "data portability".
Compliance with the General Data Protection Regulation (GDPR) will require companies to apply a holistic approach and engage all relevant groups of the enterprise to work together. Furthermore, Data Protection Officers will have to gain additional knowledge about IT controls, as the regulation clearly addresses the need to maintain system security over consumer data in order to ensure privacy. Another article about the General Data Protection Regulation gives more detail about the requirements and explains why some of the compliance tasks that are dispersed across the organization today will need to be coordinated closely to achieve efficient and effective GDPR compliance.