The 6 biggest changes in the GDPR you should know!

Written by Niamh Elisabeth McShane | 3 min read
Published on: May 7, 2018 - Last modified: May 28th, 2021
Boat tries to reach the GDPR goal in stormy seas

From 25 May 2018, the EU General Data Protection Regulation (GDPR) will fundamentally alter the way companies handle, source, and distribute data collected from partners or clients residing in the European Union. To mark this change, the Signavio blog will focus on the GDPR throughout May. This article is the second in our series, and takes a closer look at the six key aspects of the GDPR.

Agile response to compliance changes

Updates to compliance regulations, under the GDPR or otherwise, always present an organizational and operational obstacle and spell uncertain tides. Yet if there’s one thing you can be certain of it’s this: if you are affected by the changes, then being agile and adaptable has never been as crucial as it is now.

Businesses can future-proof their internal process infrastructure by creating a strong compliance culture in their organization, and by taking the necessary steps required to implement a sustainable compliance system.

So what’s changing in the GDPR?

Here are the GDPR updates at a glance:

1. Your customers must give clear consent to the processing of their personal data This boils down to ensuring that the data subject, or more specifically, your customers, are prompted to agree to the processing and holding of their data, before you begin documenting it.

2. Your customer must have easy access to their personal data In short, if your customer requests a breakdown of the data you currently hold on them, you must be ready to make it available on demand. This is where well structured and easy to access documentation comes into play.

3. Your customer has the right to request that all data belonging to them be erased From May next year onwards, your customers have the right to be forgotten. That means that you should have a structure in place that allows you to collect and delete information on demand.

4. Your customer has the right to object to the use of their data for the purposes of ‘profiling’ Again, this update requires increased transparency, adequate prompting, and the conscious approval, or explicit consent by your customers.

5. Your customer has the right to easy data portability from one service provider to another This affects the sharing of data across organizations. If your customers want to switch service providers, you must ensure that you can smoothly and securely transfer the necessary information.

6. All in all, those processing data are obligated by the GDPR to provide transparent and easily accessible information to customers on the processing of their data, handing a greater level of control to the consumer than before.

What are the penalties?

Data breaches will result in higher penalties than previously mandated — up to 4% of annual global turnover or €20 million, whichever is greater — so the benefit of establishing a strong compliance framework and nurturing a culture of compliance among your employees cannot be underestimated. The stakes are high in terms of reputational and financial damage. Investing time and resources in having tools in place that are robust enough to adequately mitigate these risks will save a considerable amount of money and risk in the long run.

Implementing a solid compliance framework, including well-documented and transparent processes, and a compliance culture which is actively embraced by all employees, not only makes good business sense—for many organizations it is a legal requirement. If you have any questions about how to implement a compliance culture and a framework that supports updating processes based on these new regulations within your organization, or about how to get your team thinking in a process-oriented way, feel free to get in touch. You can also get a more detailed insight into modern compliance programs in our complimentary whitepaper Meeting the 8 Challenges of Financial Regulatory Compliance

 

The 6 most important aspects of the GDPR

Now that you’re up to date with the 6 biggest changes, check out our next 'Countdown to GDPR' blog post on data breach notifications and learn how to set up a breach notification procedure for your own organization.

This information is non-binding and should not replace legal counsel.

Published on: May 7, 2018 - Last modified: May 28th, 2021