2018 is the year the General Data Protection Regulation (GDPR) kicks in. But how many organisations will be ready by the May 25 deadline?
According to a survey run by multinational cyber-security provider Kaspersky Lab, only half of SMEs in the UK and EU are even aware of the GDPR and only a quarter are ready for it; many more haven’t begun their preparations for compliance.
If you're in any doubt about whether your processing of personal data falls within the parameters of the General Data Protection Regulation (GDPR), you should carry out a DPIA, because the penalty for not doing so when it's appropriate to do so is a €10-million fine, or 2% of annual global turnover, whichever is greater.
It’s crime enough that hackers stole from Uber the personal information of millions of drivers and passengers, but concealing the breach, as Uber did for more than a year, would also be a serious transgression of the law under the European Union’s new General Data Protection Regulation (GDPR), which comes into effect in May 2018.
You must know about the GDPR by now: the European Union’s new General Data Protection Regulation. You must also know that organisations have to become compliant with it by May 2018 or expose themselves to the risk of hefty fines.
Recent research by multinational software corporation CA Technologies indicates that, with little more than six months until the GDPR comes into force, fewer than half of all organisations have a compliance programme in place.
A shock is coming to UK businesses that haven’t yet put a data protection programme in place. The General Data Protection Regulation comes into play in May 2018, by which time businesses need to show they’re already compliant with it.
A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR.
It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.
Article 30 of the General Data Protection Regulation (GDPR) stipulates that organisations maintain a record of their data processing activities. Basically, this means that for an organisation to become compliant with the GDPR, it needs to present an audit of personal data as it moves through the organisation.
There’s a lot of talk online about businesses becoming ready for the General Data Protection Regulation compliance deadline of May 2018, but what about all the thousands of schools out there?
All schools, whether they’re private or public, need to comply with the GDPR. When the GDPR comes into play, schools will need to have their data protection programmes already operating. So where to begin?