The European Union’s General Data Protection Regulation (GDPR), which is celebrating its first anniversary on May 25, 2019, has had a significant impact on personal data protection. All companies doing business with other companies located in the EU must comply with the law or face hefty fines.
According to one of the rules, a company must reveal any known breach within 72 hours through proper channels. Penalties for non-compliance could cost the organization upwards of €20 million or four per cent of its yearly worldwide revenue, whichever is higher.
Companies also need to demonstrate that they have proper controls in place for processing and security of personal data, including how data is used, stored, accessed, transferred and deleted.
What practical changes have been made in one year?
The reality is that most organizations have done the bare minimum when it comes to data handling and storage, Jasmit Sagoo, Senior Director for Northern Europe at Veritas Technologies, said.
“Generally, they’ve aimed to remove risks in two ways. First, deleting old data that is no longer necessary. Second, by taking steps to reduce the risk of litigation. This could be through consent forms on websites that ask customers