If your organisation has been busy preparing for the new General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, you may not be thrilled to hear that there is soon to be another piece of legislation to comply with.
GDPR is designed to provide increased levels of protection to individuals in relation to their personal data. It relates to personal data in all of its various forms, covering both online and offline use, sharing and storage of information. Organisations now have a series of important changes to make, including:
- Appointing a data protection officer
- Improving data protection procedures and policies
- Reviewing data collection and processing activities
- Managing consent
- Putting mechanisms in place to prevent data security breaches.
The penalties for companies which breach GDPR when it comes into effect are severe to say the least, as fines of up to €20 million can be issued by the Information Commissioner's Office (ICO).
Hot on the heels of GDPR…the ePrivacy regulations
The unfortunate news for organisations that have put the hard work in to ensure they are GDPR compliant by the May deadline date is that there is yet another set of regulations on the way. The ePrivacy regulations are set to replace a current directive covering privacy rules across EU member states. They are still being drafted and will need EU Parliament approval to become law, but data protection experts are warning that they could mean more hoops for organisations to jump through to ensure compliance. Martech Today explains more about the advent of ePrivacy here.
GDPR and ePrivacy both cover data protection practices across the EU and both will impose high penalties for non-compliance. While they do both relate to the protection of personal data for individuals, there are a number of key differences as outlined by the EU GDPR Online Consultation Centre:
- GDPR covers data protection and handling of personal data in all of its forms, while ePrivacy focuses explicitly on online communications
- The ePrivacy legislation focuses only on electronics – from devices and processing techniques to web browsers.
- Each regulation was created to enshrine a different section of the European Charter of Human Rights. The ePrivacy regulations are designed to provide people with privacy in private and family life, while GDPR focuses on providing protection to individuals for their personal data and how it is processed and used.
What organisations should remember is that ePrivacy is designed to complement and strengthen GDPR, and that they can only follow the rules as written. Making changes to comply with GDPR will make a huge difference when it comes to any additional compliance needed for ePrivacy – which may be none as the two pieces of legislation are designed to be in sync.
Data protection can be a complex and difficult thing to understand, not to mention implement across your entire organisation. With GDPR essentially here though, it’s crucial to get to grips with it. Seek expert advice from our specialists here at Ambos Digital, particularly when it comes to making changes to your website.