Paul Nemitz, the director for fundamental rights in the justice directorate of the European Commission, has warned companies operating in the EU that they must invest in data security to ensure they can demonstrate compliance with the data privacy by design and security elements of the General Data Protection Regulation (GDPR) and thus reduce potential fines for breaches.
Speaking at a recent conference in Brussels, Nemitz said GDPR will require many companies to increase investment in data security, which will not only lead to compliance, but also competitive gains in the market.
GDPR comes into force on May 25, 2018 and is designed to harmonise data privacy laws across Europe, protect EU citizens’ data privacy and reshape the way organisations across the region approach data privacy. While the regulation sustains the key principles of data privacy established in a 1995 directive, it extends many of these and clarifies ambiguous territorial applicability by stating that it applies to all companies processing personal data of data subjects residing in the EU regardless of company location.
The impact of GDPR on financial services firms will be significant, requiring firms to reconsider how they build data management systems and manage personal data. Those that do this well and take a proactive approach to compliance should benefit from improved customer communication, strategic data management and a higher level of trust in the market. For those that breach compliance, the stakes are high – reputational damage and fines of up to 4% of annual turnover or €20 million – making it essential that companies respond to GDPR with a data governance framework that can support effective design and also provide evidence of the organisation’s commitment to privacy by design and default.
To find out more about approaches to GDPR compliance, join A-Team Group’s webinar, GDPR: How to build a data protection framework, on October 18, 2016. The webinar will be hosted by A-Team editor Sarah Underwood and joined by Koen Van Duyse, subject matter expert on regulatory compliance at Collibra, and Dennis Slattery, designer of the Data Management Agenda for Privacy at EDMworks.
The webinar will discuss:
- Requirements of GDPR
- Challenges of implementation
- How to build a data protection framework
- Tools to support data governance
- How to ensure ongoing compliance