EU Privacy Regulation published, what to do?
The EU Privacy Regulation will come into force on 25 May 2018, the deadline appears far, but given the amount of changes to be implemented it seems too soon. I have discussed in a previous post about the list of main changes that will be introduced by the European General Data Protection Regulation and I am running a series of posts on the top 10 EU Privacy Regulation issues which now include
With the publication of the Regulation on the Official Gazette of the European Union, we now have its effective date which will be the 25th of May 2018.
Your “to do list” for privacy compliance is long
As you may appreciate from the list of changes introduced by the Regulation, this is not just about some additional paperwork to be arranged. The Regulation has an impact on the model of business of companies that shall for instance run a privacy impact assessment of their products/services and implement a privacy by design approach.
But it is also true that a number of provisions of the Regulation are quite broad and therefore you may need assistance on
- Arranging effective organisational controls and governance structures – privacy compliance needs to be effective and regulators will review how the internal organization of companies is ensuring it;
- Running a privacy impact assessment – an evaluation of the types of data processed and of the measures to be adopted to minimize potential risks of lack of compliance is required both on the launch of products/services, but whenever substantial changes are put in place;
- Defining the measures to handle data breaches – cyber risk is a massive threat for companies and needs the implementation of organizational and technical measures in order to prevent data breaches and being able to deal with them when take place;
- Regulating cross-border data transfers – the Privacy Shield is the main upcoming change on data transfers, but given the potential sanctions for breaches of the Regulation, any data transfer will require a deeper scrutiny on how data are handled when transferred outside the European Economic Area;
- Liaising with regulators – the principles introduced by the Regulation are very broad, a thorough negotiation with data protection authorities on the scope of obligations will be crucial to find solutions ensuring privacy compliance and preserving the potentials of the business;
- Defending in potential disputes – investigations by regulators and claims by individuals will become a major risk for businesses and companies shall be ready to face them;
- Getting benefits out of data – I published a blog post whose title is “Big data is the money maker of the IoT“, this is absolutely true and for this reason it is necessary to find solutions able to maximise the potentials of data ensuring privacy compliance;
- Assisting in adopting a privacy by design approach – privacy by design will become with the Regulation compulsory and with the launch of technologies such as those of the Internet of Things requiring the processing a large amount of data, it is the sole tool to protect businesses from potential sanctions.
So, it is time to get ready for the EU Data Protection Regulation and if you found this article interesting, please share it on your favourite social media!
WRITTEN BY GIULIO CORAGGIO
IT, gaming, privacy and commercial lawyer at the leading law firm DLA Piper. You can contact me via email at firstname.lastname@example.org or email@example.com or via phone at +39 334 688 1147.