Data is fast becoming more valuable than gold

It is worth underscoring that the rule applies even in the absence of a physical presence in the European Union. Fines can reach €20 million or 4 per cent of annual global turnover, whichever is higher.

The new guidance and documentation will be available on the RLA website in the coming weeks and will be shared with members by email and on our campaigns and news centre.

Businesses that routinely process extensive personal information or large amounts of personal data must employ a Data Protection Officer (DPO), whose role is to deal with any data protection queries and ensure compliance with GDPR.

Diar points out that the new laws were written to protect people from centralized services that control their data.

Definition of processing. This definition is very broad.

Individuals already have the right to access information that a company has obtained and to know how and why their data is being processed, as well as who will see it. Data can also be rectified, changed or deleted at any time by the person it belongs to. All must be done securely and within the rights of the customer.

In conclusion, Ustaran said that given that companies and organisations know what the legal framework is going to look like for at least the next four years, it is "quite possible" for United Kingdom companies to fix on an approach to take on data protection for their operations worldwide.

Most GDPR-relevant data is stored on premises.

Rather, "a statement or clear affirmative action" by the customer is required.

It will mean investments in different dimensions, including technological and organisational ones, to ensure that sensitive data has been collected with explicit consent from subjects.

Under the GDPR, a key exercise for IT contractors is to work out whether you are a Data Controller or a Data Processor, and to define the relationship between you and your clients, since in the event of a Processor-Controller relationship, you need to set out the scope of your relationship in writing.

Data protection by design.

If you can convey the message that data protection is important to your business, that GDPR compliance is not merely an inconvenience but that you take the personal data you hold extremely seriously, your company will earn market trust and respect.

Cyber cross-jurisdictional risks not only occur in connection with data breaches.

The new law codifies the right of individuals to request that their data be deleted - but the whole point of a blockchain is that data cannot be deleted. DPOs should report to top management. Businesses can be sued by individuals suffering as a result of data mismanagement. In Germany, for example, pursuant to section 8a of the Act on the Federal Office for Information Security (BSIG), so-called operators of critical infrastructure, such as energy, transportation or telecommunication companies as well as insurers, have to take organisational and technical measures to avoid errors affecting the availability, integrity, authenticity and confidentiality of the information technology systems, components and processes that are essential for the functioning of the critical infrastructures they operate.

Facebook is introducing the new policies this week in Europe, but eventually everyone on the social network will be asked to decide whether they want to enable features like facial recognition and some types of targeted advertising, the company said in a blog post. We've had a lot of these controls in place for years. Their compliance teams should have sufficient flexibility to handle changes as the transition proceeds, given adequate notice. People are waking up to the fact that their data is worth something, which means businesses need to respect that. The regulation will also impose "privacy by design" and mandatory breach notification within 72 hours of the breach.

"The GDPR presumes that there will be central intermediaries that can 'erase' information, but the world is trending toward ever more decentralized and immutable technologies," said Brito. However, they will be under the GDPR, and this is another area in which the regulation is taking best practice and effectively codifying it.

  • Arturo Norris