Following years of debate, regulators have now reached an agreement on the content of the EU's new General Data Protection Regulation (GDPR).
The intention of the GDPR is to protect the fundamental rights and freedoms on individuals, in particular their right to the protection of personal data. It’s also designed to facilitate the free movement of data across the EU. It will come into effect as of 25 May 2018.
Who does the GDPR affect?
The GDPR affects all organisations that handle personal data belonging to individuals based in the EU. Even if your company itself is not based in Europe, it will still be subject to the Regulation if your employees, suppliers or customers reside within the Union.
Mandatory DPO requirement
Many businesses across the EU are already legally obliged to install DPOs, but to date this requirement has been regulated by individual member states, and therefore lacked consistent application.
Under the GDPR, all public sector organisations will have to appoint DPOs, and many private firms will have to follow suit. This requirement applies regardless of the organisation’s authority as either a controller or processor of personal data.
Does my business need to appoint a DPO?
You will be required to appoint a DPO if your core business involves:
- The regular and systematic monitoring of individuals on a large scale
- Processing ‘special categories’ of data on a large scale. These categories include data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data or data concerning health, sex life and sexual orientation. A full list of categories can be found under the GDPR Recital 75.
- Processing data relating to criminal convictions and offences
Regardless of whether or not you employ a DPO, you’ll need to ensure your business is equipped to manage the ramifications of the GDPR. Our Business Lens solution can help you gets started. It dynamically maps personal data to present a holistic view of compliance challenges. Specific tools and controls can then be applied to model risk, enhance security and adapt processes.
To see the solution in action: