Did you know that if a third-party vendor your company uses is not compliant with the General Data Protection Regulation (GDPR), your company could be held liable for their actions? As the data controller, you remain responsible for the processors you engage. And even if no penalty follows, your company’s reputation could suffer if a data breach occurs. The case for complying with GDPR is indisputable: the penalties are hefty and the public relations damage can derail your company’s performance. One thing is certain: detailed and ongoing vendor monitoring from a data protection perspective is critical. Unfortunately, it is not as simple as outsourcing data governance and privacy compliance to your vendors.
Despite the hype around GDPR in May of this year, when the EU’s new General Data Protection Regulation came into effect, many companies still do not have a robust GDPR programme or sufficient protection measures and processes in place. As Jonathan Armstrong of compliance lawyers Cordery explained to Interactive Services, “I think there have been various surveys that have said that people were not ready for GDPR when it came in. That is certainly my experience.”
As you may already know, one of the biggest changes to EU data protection rules is coming into effect on May 25, 2018. The General Data Protection Regulation (GDPR) is a wide-ranging set of rules you must follow when collecting, processing, and storing an individual’s personal data. Some of its key aims are to strengthen and harmonise data protection legislation throughout the EU and to ensure that individuals are fully informed about, and in control of, their personal data. So, does this mean that data privacy and GDPR are one and the same? Not quite.
“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.” ― David Brin
It seems hardly a week goes by without news of a data breach or cyberattack, but the latest media firestorm involving Facebook has caught the world’s attention and called into question companies’ accountability when it comes to data protection.
The General Data Protection Regulation (GDPR), which comes into effect in May 2018 for companies in the UK and the EU, and for organisations anywhere in the world that process the personal data of people in the EU, is designed “to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.” (Source: https://www.eugdpr.org/) However, data privacy and data protection for large global companies, including those in the United Kingdom (UK) despite Brexit, are similar to the fight against doping and the use of performance-enhancing drugs in sport. Organisations can have controls, procedures and tests in place