
EU Privacy Regulation published, what to do?

The EU Privacy Regulation will come into force on 25 May 2018. The deadline appears far off, but given the number of changes to be implemented it seems too soon. In a previous post I discussed the main changes that will be introduced by the European General Data Protection Regulation, and I am running a series of posts on the top 10 EU Privacy Regulation issues, which now include:

#1 Which companies shall care about it?

#2 Will fines be really massive?

#3 Did you run a privacy impact assessment?

#4 New risks for tech suppliers

#5 What changes with the one stop shop rule?

#6 How the new privacy data portability right impacts your industry

#7 What issues for Artificial Intelligence?

#8 How to get the best out of data?

#9 Are you able to monitor your suppliers, agents and shops?

#10 What liabilities for the data protection officer?

#11 Are you able to handle a data breach?

#12 Privacy by design, how to do it?

#13 How data on criminal convictions of employees become a privacy risk

#14 Red flag from privacy authorities on technologies at work

#15 Need a GDPR compliant data processing agreement?

#16 Is your customers’ data protected from your employees?

#18 Data retention periods, an intrigued rebus under the GDPR

With the publication of the Regulation in the Official Gazette of the European Union, we now have its effective date, which will be 25 May 2018.

Your “to do list” for privacy compliance is long

As you may appreciate from the list of changes introduced by the Regulation, this is not just about arranging some additional paperwork. The Regulation has an impact on the business model of companies, which shall, for instance, run a privacy impact assessment of their products/services and implement a privacy by design approach.

But it is also true that a number of provisions of the Regulation are quite broad, and therefore you may need assistance on:

  1. Arranging effective organisational controls and governance structures – privacy compliance needs to be effective and regulators will review how the internal organization of companies is ensuring it;
  2. Running a privacy impact assessment – an evaluation of the types of data processed and of the measures to be adopted to minimize potential risks of lack of compliance is required both on the launch of products/services and whenever substantial changes are put in place;
  3. Defining the measures to handle data breaches – cyber risk is a massive threat for companies and requires the implementation of organizational and technical measures in order to prevent data breaches and to be able to deal with them when they take place;
  4. Regulating cross-border data transfers – the Privacy Shield is the main upcoming change on data transfers, but given the potential sanctions for breaches of the Regulation, any data transfer will require a deeper scrutiny of how data are handled when transferred outside the European Economic Area;
  5. Liaising with regulators – the principles introduced by the Regulation are very broad, so a thorough negotiation with data protection authorities on the scope of obligations will be crucial to find solutions ensuring privacy compliance and preserving the potential of the business;
  6. Defending in potential disputes – investigations by regulators and claims by individuals will become a major risk for businesses and companies shall be ready to face them;
  7. Getting benefits out of data – I published a blog post titled “Big data is the money maker of the IoT”. This is absolutely true, and for this reason it is necessary to find solutions able to maximise the potential of data while ensuring privacy compliance;
  8. Assisting in adopting a privacy by design approach – privacy by design will become compulsory with the Regulation and, with the launch of technologies such as those of the Internet of Things requiring the processing of a large amount of data, it is the sole tool to protect businesses from potential sanctions.

So, it is time to get ready for the EU Data Protection Regulation and if you found this article interesting, please share it on your favourite social media!



Giulio Coraggio

I am the location head of the Italian Intellectual Property & Technology department and the global co-head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our client's success.
