Four years in the making, the EU General Data Protection Regulation has been approved by the EU Parliament, effective 25 May 2018.
The GDPR will replace the earlier EU Data Protection Directive 95/46/EC, implemented in 1995 and currently in effect.
Objectives of the GDPR are:
- Standardize data privacy laws EU-wide
- Protect data privacy of all EU citizens
- Change the way organizations handle data privacy
There will be substantial fines for non-compliance.
Key changes from the previous directive include:
- Jurisdiction expanded to include all companies processing personal data of EU residents regardless of company location or where data are processed
- Fines for non-compliance of up to 4% of a company's annual global sales or €20M, whichever is greater
- Companies must solicit data in plain language, indicating the purpose of obtaining the data and making it as easy to withdraw consent as to grant it
- Companies must give notification of any data security breach within 72 hours of becoming aware of it.
- EU residents entitled to receive a free copy in electronic format of any personal data of theirs being held by an organization
- Right to be forgotten including data erasure and cessation of data dissemination
- Data portability: EU residents will be entitled to get personal data they have previously given to one organization and move it to another organization
- Data protection must be built into systems vice bolted on later.
- Certain organizations must appoint a Data Protection Officer.
Hence, this conference.
Organizers say the event is aimed at "decision makers from across the public and private sectors in IT, data protection and compliance, finance, marketing, legal and HR" who want to understand the GDPR and learn how to avoid fines.
Speakers will include reps from:
- GDPR Awareness Coalition
- International Association of Privacy Professionals
- European Data Protection Supervisor
- Association of Data Protection Officers
- Office of the Data Protection Commission
Early-bird pricing ending 27 July:
- 1-3 tickets €250 + VAT per ticket
- 4 tickets €188 + VAT per ticket
- 6 tickets €167 + VAT per ticket
The event is being organized by Dublin-based conference and exhibition promoter iQuest and the Sunday Business Post newspaper.
Obviously, this conference is aimed primarily at large organizations (think Google) but the terms of the new regulation are such that any organization anywhere in the world needing to get personal data from EU-resident clients, members, newsletter subscribers, etc., etc. in order to conduct business and make a buck needs to figure out how to get compliant.
If I could just drive to this conference - vice laying out for transatlantic flights and a hotel - I'd go.
Anyone handling EU residents' data who can just drive to it probably should.
Others, like me, for whom a trip to Ireland isn't doable should start keeping an eye on developments via the GDPR Portal (link below) and begin tightening up their data-protection procedures and documentation.