EU updates the regulation to protect individuals
The EU is updating the regulation regarding data protection, which will strengthen the rules for organizations that in some way manage personal data. There is a political agreement, and the text of the law will now be formalized, which will take place in early 2016.
Businesses have two years to adapt
Organizations have two years to adapt and reach compliance, but it’s easy to forget that a lot of what is in the regulation was already included in the previous regulation, which means that many of the rules are already statutory.
Those who do not comply risk heavy fines
Penalties in the new regulation will be severe and should be sufficient motivation for many companies to start working on privacy issues and the protection of personal information.
But there are also other arguments for reaching compliance: personal information is one of the most valuable assets a modern organization can have. Risk management and controls should therefore already be in place.
4 recommended activities from our expert
1. Risk Analysis
A risk analysis regarding personal data – identification of the information you handle and for what purpose, what risks you are facing, and what impact you risk.
2. Establishment of controls and compliance
Based on the risk analysis – protection of personal data must be included by default in all systems. This means that safeguards must be implemented for all systems that handle personal information.
3. Processes of communication
The person whose data is collected should be informed about what data is collected and how it will be used. This is regulated today, but the rules are being tightened radically to improve the individual’s privacy and security.
4. Requirements on suppliers
Those who outsource IT should already be raising the demands placed on their suppliers. The outsourcing provider must agree on what information is used, and for what purpose, particularly when the supplier is outside the EU.