Data is big business. You don’t need us to tell you that. Protection and management of such data and people’s privacy are becoming increasingly important. As of 25 May 2018 - that date may look far away, but make no mistake - every company in Europe that manages personal data must comply with the new European General Data Protection Regulation (GDPR). The aim? To do away with the fragmented privacy rules of the Member States; to make everyone equal in the eyes of the law. This is therefore good news for companies or organisations operating internationally.
Current privacy law already aims to protect citizens against the misuse of their personal data and lays down the citizen’s rights and the processor’s obligations. The obligations are seldom enforced, however. Only in a few sectors (healthcare, for example) must companies or organisations appoint a security consultant and comply with the ISO 27001 standard.
The European GDPR rules go one step further and put the emphasis on the protection of individual personal data of any nature (private, professional or public) or form (name, photograph, email address, bank data, posts on social media, medical information, IP address of the computer, etc.) whatsoever. Every company or organisation managing personal data must comply with the new rules. There are no exceptions. And the fines are not to be scoffed at: up to 4% of worldwide turnover. It remains to be seen whether these will actually be enforced, however. But the fact is that reputation and image will still be damaged. And that’s probably a risk you’d rather not run, right?
Legally and technologically
Laws are often abstract and difficult to interpret. Your most important challenge? Translating the GDPR rules into specific actions. BDO consultants know how companies think and function, and how to help transpose legal texts into an operational plan of action: bespoke, correct, without overkill; extremely pragmatic, transparent and independent. In addition, you should know that the new rules don’t just have a legal impact. Processes and technology must be in place too, to gather, check, manage or even delete data correctly. Yes, we’re great at doing that too.
What are you looking for?
An independent partner who helps you with the following:
- the GDPR assessment;
- the GDPR implementation;
- the GDPR certification;
- legal advice on GDPR;
- or fulfils the role of an external Data Protection Officer because it is difficult to find suitable candidates internally.