Here’s What You Need to Know About GDPR – Including How It Will Be Affected by Brexit


Philip Robinson
| Read Time 2 min read| Updated On - February 5, 2019


For those who don’t know about GDPR, it stands for the General Data Protection Regulation, and is a new set of rules passed by the European Union that aims to reform the outdated and inconsistent EU Data Protection Directive. The GDPR will come into effect from May 2018 and will be applicable across all 28 EU member states.

However, for those of you who believe Brexit means you won’t be affected: it doesn’t matter if you are an EU citizen or not. It’s not about where the data resides, but who the data is about. If an organization outside the EU is collecting personal data, and that data belongs to a citizen of the EU, that organization must comply with the rules or face heavy financial penalties (€20m or 4% of annual turnover).

While many would agree that such measures are long overdue, given that many companies and organizations are still not adequately handling sensitive data, the implementation of GDPR will disrupt workflows and incur substantial costs.

Firstly, organizations with over 250 employees are legally obligated to hire a data-protection officer (DPO).

Secondly, GDPR compliance comes with a steep learning curve and so staff members would require sufficient training, incurring further costs.

We must also consider the possibility of regulatory loopholes. Jeremie Zimmermann – a French computer scientist – has criticized the draft for its use of vague wording, such as “legitimate interest,” and claims that this could allow large corporations to “exonerate themselves from the legislation.” Should our personal data be used to enrich and empower a select group of corporations, this will countervail the legislation’s principal objective.

It’s also worth noting that, while the GDPR sets out to protect the rights of individuals by allowing them to exercise their “right to be forgotten” etc., complying with the GDPR will give regulators “unprecedented powers to intervene in business.”

When it comes to safeguarding sensitive data, and giving data subjects more control over how their data is processed, I think we can all agree that something has to be done. And while added costs, potential loopholes, and officious enforcement protocols may give rise to a new set of problems, such directives will surely promote a widespread awareness of data protection, and of the current lack of it.

