Cyber security firm IT Governance has launched a survey to establish how organisations are preparing for the much-anticipated launch of the EU General Data Protection Regulation.
The Regulation has now been under discussion for more than three years, and its adoption target has been postponed several times. More than 3,000 revisions have been applied since the EU Commission first proposed a single, harmonised privacy law for the EU in January 2012. Latest updates suggest that the Regulation will be finalised by early 2016.
Alan Calder, the founder and executive chairman of IT Governance, says, “With data breaches continuing to dominate news headlines, and the draft Regulation proposing data breach penalties in the region of €100 million or 2-5% of turnover, organisations cannot afford to take a wait-and-see approach. Businesses must act now to ensure they are not caught off guard.”
Proposals in the draft Regulation include a broader definition of ‘personal data’, changes to the rules for obtaining valid consent, the appointment of a data protection officer (DPO) for businesses with more than 5,000 data subjects, mandatory privacy risk impact assessments, data breach notification regulations, the right to be forgotten, and privacy by design.
The Regulation will not only apply to European companies, but also to non-European companies that do business in the EU.
IT Governance invites organisations that will be affected by the new Regulation to participate in the survey. All participants will receive a copy of the final report.
The survey can be found here: https://www.surveymonkey.com/r/EURegSurvey