The new General Data Protection Regulation (GDPR) is the most significant change to European Union (EU) privacy law in two decades.
This is set to replace the Data Protection Directive (DPD) that came into force in 1995 when web technology was in its infancy, before the arrival of cloud services and proliferation of mobile devices.
In the UK the 1998 Data Protection Act (DPA) is in similar need of replacement as technology has evolved.
Many aspects of the DPD (and DPA) are now obsolete so new legislation is being passed to protect EU citizens and their data from being exploited.
GDPR requires organisations to respect and protect personal data – no matter where it is sent, processed or stored.
It imposes new rules on companies, non-profits, government agencies and other organisations that offer goods and services to people in the EU, whether or not the organisation itself is based in the EU.
This is set to be an important step forward for individual privacy rights by giving EU residents greater control over their personal data, and removing ambiguity about the definition of personal data.
How GDPR will impact a given organisation is less certain, as each industry will face its own challenges with regard to data protection.
Another of the complexities of GDPR is that, although it is a Regulation and so applies directly and uniformly in every EU member state (unlike the Directive it replaces, which each state transposed into its own national law), it still leaves room for national variation: member states may pass their own more specific rules on certain points, such as the processing of employee data in the employment context, so the detail will continue to differ from country to country.
The costs of non-compliance are set to prove significant, both in reputational damage and in financial penalties of up to €20m or 4% of worldwide annual turnover, whichever is higher.
While there is currently uncertainty surrounding some of the detail and the implications of GDPR, this much we do know:
GDPR entered into force in May 2016 with a two-year transition period to give organisations time to bring themselves into compliance.
It applies to all organisations handling the personal data of people in the EU, and it will apply from 25 May 2018.
Given the ramifications of this regulation, organisations are urged to begin reviewing their privacy and data management practices now.
Controlling who has access to personal data has always been crucial, and it is now even more of a priority in the context of GDPR compliance.
HRLocker's access controls let administrators grant each user specific permissions, making it straightforward to control who can see which information.
Because permissions are assigned centrally and can be revoked just as easily, unauthorised access can be prevented and privileges withdrawn promptly when they are no longer needed.
Using HRLocker can be a significant step towards GDPR compliance, but no single system makes an organisation compliant: each organisation remains responsible for the personal data it processes, and how well it meets its obligations will depend on its own data management practices and on how it configures and uses the systems it chooses.