The General Data Protection Regulation. With only four months to go, are you ready?

✓ New Regulation

✓ New Challenges

✓ New Business opportunities

What is GDPR? 

The GDPR is a new law in the European Union (EU) providing for uniform data protection regulations throughout the EU. Effective as of 25 May 2018, it will represent one of the highest standards of data protection in the world, creating a consistent, global and unified legal basis for data protection usage. The regulation applies to all companies worldwide that work with, save or process personal data of EU citizens, regardless of their country of establishment. All Albanian entities that process EU citizens’ personal data shall ensure compliance with GDPR.

What do you need to do?

✓ Mandatory Data Inventory and Record Keeping of all internal and third-party processing of personal data, with a clear focus on Personally Identifiable Information (PII) and other sensitive information.

✓ Comprehensive individual rights for data subjects to access, correct, erase, and object to the processing of their data.

✓ Mandatory data-breach notification to regulators and individuals whose information is compromised.

✓ Mandatory data protection officers and an overall rethinking of privacy strategy, governance and risk management.

✓ Embedding Privacy by design and by default methodology into business-as-usual practices.

✓ Set up an implementation programme of remedial activities to address identified compliance gaps with the GDPR.

What are the consequences of non-compliance? 

✓ Financial Risk:

o Fines up to €20 million or up to 4% of total worldwide annual turnover, issued by the data commissioner for severe infringements including but not limited to: special categories of data, transfers of personal data to a recipient in a third country without appropriate consent etc.

o Fines up to €10 million or up to 2% of total worldwide annual turnover, issued by the data commissioner for less severe infringements relating to (not an exhaustive list): data protection by design and by default, records of processing etc.

✓ Reputational risk:

o Negative impact on brand image

o Lawfulness of processing

o Operational suspensions

✓ Compliance burden:

o Legal proceeds compensation as a result of a GDPR infringement

 

Documentation

Download GDPR_Newsflash__January_18_PwC_Albania_.pdf  (PDF • 657 KB)