Now is the Time to Act – The Proposed EU General Data Protection Regulation
In Brussels, the protracted negotiations on an EU-regulation on the processing of personal data is drawing to an end. A few things are however already clear – the processing of personal data will be more strictly regulated than at present, and non-compliance will be costly with possible sanctions of up to 2 % of annual global turnover. Also, the regulation will apply globally to the processing of personal data on behalf of EU entities or regarding persons within the EU.
Although the final wording of the regulation is expected to be agreed on towards the end of 2015, and its entry into force will take place during the first half of 2018, it will be wise to start preparations sooner rather than later.
By already starting to review existing systems, how personal data is processed and taking the new regulation into account in the development of new products and services, costly changes to IT-systems and services may be avoided.
Furthermore the ability to handle and process personal data in accordance with the regulation will be essential for small- to medium sized enterprises, not only to avoid large fines, but also to be eligible to partner up with large corporations, which are likely to require such capabilities as a prerequisite for any collaboration.