Data protection: is there a new sheriff in town?
In the beginning, there were personal data being digitalized, accessible form everywhere by everyone. The new frontier, will, as always, generate abusive behaviours. Not long after, come threats and data breaches - such as ransomware or security breaches. Some are not brought to the attention of the public and the authorities, some are with delay... To deal with those security issues, once again the European Commission has turned into a shield to protect the people, as it had done it with MiFID II, IDD, PRIIPs, PSD2, etc. There’s a new sheriff in town as goes the saying!
GDPR, the European legislative response
On May 25, 2018, the General Data Protection Regulation (GDPR) will come into force with a significant novelty compared to previous regulations: all companies are concerned, for all categories of data subjects. The GAFAs’ sector is obviously a target, but so are service and industrial companies, be they international or local! As for the data subjects, if customers and employees naturally come to mind, the GDPR also aims at protecting personal data of prospects, former employees, candidates, legal representatives etc.
... with means to match its ambitions!
What are the purposes of this regulation? To strengthen data subjects’ rights, of course, but also to make organisations more responsible, including subcontractors, and finally to standardise practices within the European Union. What about the means? Administrative penalties incurred in case of data breaches can go up to 4% of worldwide group turnover (or € 20 million for non-profit organisations). In comparison, in France the maximum penalty amount in case of personal data violation was set at € 150,000!