The General Data Protection Regulation (GDPR) took effect across the EU on 25 May 2018. The GDPR constitutes the biggest change to the data protection regime in the EU since the 1995 Data Protection Directive. There are some significant changes that have the potential to have a profound impact on many organisations that collect and use information about individuals, even (in some cases) on organisations with no establishment in the EU but who collect and use personal data of EU based individuals.
The importance of preparing and ensuring compliance with the new law cannot be overstated, not least because of the huge fines of up to €20m or 4% of worldwide turnover that could be levied for breaches.
But there are also business benefits for those organisations that use the opportunity to adopt a fresh approach to data privacy and protection. Compliance with the GDPR is not just an additional burden – it is also a way to build and strengthen trust with customers and employees, enhance business reputation, grow the value of data assets and enhance risk mitigation.