GDPR Update: Navigating the new privacy landscape
Introduction to Deloitte article series on GDPR
This blog introduces a series of informative articles on the topic of privacy and data protection. More specifically, the series will zoom in on the details of the content and the impact of the new General Data Protection Regulation, the GDPR. How to approach this new privacy law? What are the most important aspects?
25 november 2016
Changing privacy landscape – journey towards 25 May 2018
If you have been following the developments in the privacy domain, you will be acutely aware that the regulatory landscape for privacy and data protection has undergone some major changes recently. Most notably, the General Data Protection Regulation (“GDPR”) has been agreed upon by the EU regulators and will enter into force on 25 May, 2018. Some of the people around me, friends, colleagues and clients, that used to be rather quick to dismiss privacy as a straightforward legal or compliance issue, now all seem to have become interested in the topic of privacy. In that regard, the GDPR has already succeeded in increasing the sense of urgency. But will it also succeed in improving the protection of personal data of EU citizens?
As the GDPR has stirred such controversy, and as many organizations now ask themselves whether they are ready for the new rules, we would like to share some of our experience with you on this topic. To this end, we will publish GDPR related articles on a regular basis as well as utilize new and innovative methods to get you up to date on the GDPR. The end objective is to give our readers the information and the means to prepare for the new privacy landscape. But be aware, it will by no means be a simple exercise. We believe that organizations that wish to seriously prepare for the GDPR, and perhaps even benefit from the many opportunities provided for in the GDPR, need to seriously invest in their privacy office capabilities.
The privacy game
Privacy under the GDPR is no longer a tick-the-box compliance topic but rather offers a vast space within which organizations are free to determine their own approach. Within the lines of this playing field (which is defined by the law and such notions as accountability, transparency and justification), organizations can choose to utilize an offensive strategy: for organizations with a high risk tolerance, more adventurous use of personal data or a more opportunistic mindset (without crossing the lines of the law of course!). Alternatively, a more defensive approach is possible. It would suit the type of organizations that are more risk-averse, cautious with their reputation or unsure about their personal data utilization potential. Any of the two extremes is possible, as well as all variations in between. The GDPR does not tell you which strategy to follow, it sets out the lines on the playing field and provides the rules of the game. With our articles and materials on the GDPR, we want to provide you with information on these rules, as well as on the strategies to play your privacy game.
First article series: Top ten aspects that form the core of understanding the GDPR
As a start on the journey towards May 2018, we will begin with a range of articles providing you with a more in depth view on the ten most important aspects of the GDPR. Think of topics such as the right to erasure and the one stop shop principle, amongst eight other highlights of the GDPR. The ten topics have been “democratically” agreed upon by our team and reflect the most controversial or difficult to implement parts of the GDPR. The topics will range from 10 to 1, with #1 being the most important topic, and will be revealed over the next weeks.
We are curious to know what you think about the topic. Contact us via our details below or feel free to reach out on social media.