With the General Data Protection Regulation (GDPR) set to be implemented in the EU by May 2018, this is the final year for you to adapt and make the necessary changes. All organisations which handle personal data will need to comply with the requirements of the regulation, which has obligations around subject consent, data breach notification, and the processing and transfer of data. Still, despite the masses of information available surrounding GDPR and what it means, only last month research by the DMA reported that despite 93.6% of businesses believing that GDPR is applicable to their business – 62% have no plans in place to prepare for GDPR.
With the potential of substantial fines of up to 4% of global revenue being imposed for non-compliance e.g. administrative failures and security breaches, your business needs to start preparing for the GDPR now. Additionally, GDPR has consequences in other respects. There have been two recent rulings that highlight this, and we haven’t even reached 2018.
GDPR Encourages Data Anonymity To Reduce Privacy Risks
One of these rulings was the Breyer decision regarding personal data under EU law. Data protection blog Datonomy comments “The Court ruled that dynamic IP addresses are personal data to an online media services provider (the website) if it is reasonably able to obtain the additional information necessary to identify a person from the internet service provider.”
This means the concept of ‘personal data’ was associated with the possibility of acquiring information. Post-evaluation the Court concluded that according to German law, this case was a “means likely reasonable to be used”; in other words, to contact and obtain the information required in a criminal proceedings context.
To reduce the risk associated with data processing, the GDPR encourages the pseudonymization of data (defined by the GDPR as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information“). Although this anonymous kind of data is not completely exempt from the GDPR, because it has more “relaxed” requirements, it can be very useful for data controllers.
Germany Abides By GDPR Clauses Following Leaked Draft
Towards the end of last year a draft version of the GDPR was leaked detailing new provisions covering some of the opening clauses, including:
- Businesses that process personal data and employ over ten people will need to recruit a data protection officer
- Various limitations for data subject rights, e.g. if a “disproportionate effort” is required, there is no requirement to inform a data subject about the collection of data
- Unlikely that an “Employee Data Protection Act” will materialise
- Administrative fine of up to €300,000 for personal liability
- The right for data protection authorities to take action against decisions regarding adequacy, by the European Commission
Datonomy sums up that, “The key take-away is that companies that want to get ready for the new data protection regime in May 2018 should not only focus on the GDPR, but also on the national laws that will be introduced in the next 19 months.”
What is apparent from the two above articles is that there are more national laws surrounding GDPR that you’ll need to become familiar with in order to stay compliant and avoid hefty fines. Many of our customers are already using the new framework as an opportunity to implement best practice customer and prospect data management strategies. With our expertise, we are working with them to help them understand GDPR, and apply it as the strictest possible standards of compliance.
If you’re concerned about being effected by any of the wider issues surrounding GDPR, feel free to contact us today for expert advice and guidance.
And if you like what you’ve seen so far from IZEN, now’s your chance to make sure you never miss out. Opt in to receive bite-size blogs, video guides, partner success stories, and slick infographics on account based marketing, data management, and revenue generation. Not to mention the hottest industry updates, as well as what’s going on behind the scenes here at IZEN.