The General Data Protection Regulations (GDPR) come into force on 25th May 2018. The Regulations apply to organisations processing personal data within the European Union, as well as those outside the EU that offer goods or services to EU citizens. But what impact will this have on the businesses that it applies to? In a nutshell, businesses must:
Comply with more arduous obligations on how data is processed;
Be more responsive to the greater rights granted to individuals;
And potentially face greater fines for breaches and non-compliance of up to €20 million or up to 4% of annual worldwide turnover
Before the GDPR comes into force, businesses must review their current processes, understand what personal data they possess, and ensure they can meet their future obligations. But with exponential growth in enterprise data, businesses could have large amounts of personal information, often in varied and unstructured forms, spread across hundreds of different systems. Against this backdrop, attaining GDPR compliance presents a huge logistical challenge.