Three Key Things You Need to Know About Europe's New Data Protection Law
In early 2016, a new EU law will go into effect that could have consequences reaching far beyond Europe’s borders. The EU General Data Protection Regulation (GDPR) will heavily impact the regulatory landscape in numerous ways, most notably for organizations with more than 250 employees operating within the European Union.
Although it won’t start being enforced until 2018, the GDPR drastically alters the regulatory landscape in numerous ways, the three biggest relating to penalties, privacy and risk.
1. Much Higher Penalties - The GDPR lays out a much more costly penalty structure than anything currently existing in Europe. The exact details on specific infringements haven’t been finalized but the penalties have been agreed upon and they’re steep: up to €1 million or 2 percent of global turnover, whichever is greater.
2. New Privacy Protections - The new regulations also create added costs for businesses, which must comply with the expanded privacy regulations attached to the GDPR. The right to erasure (frequently referred to in the context of search engines as “the right to be forgotten”) will now apply to databases. Individuals will have the right to have data removed from databases unless businesses are required to keep it for legal reasons. Businesses must also notify authorities within 72 hours of any data breaches.
3. Greater Liability Risk - Up until recently, businesses have collected personal data on employees and customers, oftentimes with only a vague sense of how the data might eventually be stored and used. Under the GDPR, those days are definitely over. The fines that will be imposed for data breaches and lack of compliance with the GDPR now make databases a potential liability to businesses.
What can businesses do to protect themselves under this new regulatory regime? Tools like Riverbed® SteelFusion™ have helped organizations to secure edge data at the center, while Riverbed® SteelCentral™ works to detect and report data breaches. Large enterprises with consolidated data centers often utilize branch offices in remote locations that are difficult to support and protect. However, through the use of SteelFusion, companies can centralize their data and eliminate the risk of managing it across remote locations. Our SteelCentral product provides tools that organizations need to detect, understand and report what happened during a security breach—something that will need to happen much faster when the GDPR goes into effect.
The GDPR may, depending on your perspective, be good for consumers, but it certainly creates challenges for businesses. Fortunately, large organizations, and the decision-makers behind them, have plenty of time to get ready and be in compliance when the new rules take effect in 2018.