The EU General Data Protection Regulation is here
The biggest shakeup in data protection regulation in a generation
The European Union (EU) General Data Protection Regulation (GDPR) is one of the most progressive and advanced pieces of data protection legislation globally, and has replaced the Data Protection Directive.
We look at some key points on this new legislation
General Data Protection Regulation
After four years of negotiations, the EU General Data Protection Regulation (GDPR) is here! The new law will introduce a range of requirements that will have significant impacts on organisations. Combined with increasing demands from consumers, privacy is now firmly positioned at the top of the corporate agenda.
Significant New Requirements
The GDPR mandates organisational accountability and will require organisations to implement robust privacy governance and, in general, take a more proactive approach to privacy compliance.
Harmonisation and Enforcement
The GDPR harmonises much of the currently fragmented legal framework for privacy across Europe, providing one data protection regulation for all member states.
Organisations outside the EU that process data to offer goods or services to European residents or to monitor the behaviour of European residents will also be subject to GDPR requirements.
Some African organisations believe that the European Union’s General Data Protection Regulation (GDPR) does not apply to them simply because they do not operate from a European country.
The GDPR will apply to organisations which do not have an EU presence, but:
- Process the personal data of individuals in the EU
- Have employees based in the EU
- Target individuals in the EU through either the offering of goods or services to such individuals or the monitoring of their behaviour in the EU
- Transfer personal data to or receive personal data from the EU
How can Deloitte help?
Our experienced team of data privacy and cyber risk professionals can deliver a wide range of GDPR services.