The EU General Data Protection Regulation is already the new legal standard

• GDPR became law in Europe on 25th May 2016.
• A two-year transition period allows organisations time to introduce compliant business processes i.e. until 25 May 2018.

 

After 25 May 2018, financial penalties for non-compliance will be substantial.

• GDPR provisions will be enforced by existing national Data Protection Authorities.
• There are two categories of administrative fine for non-compliance with GDPR:
• penalties for the first category may be up to €10 million or 2% of global turnover;
• penalties for the second category may be up to € 20 million or 4% of global revenues.

 

GDPR will have far-reaching and permanent effects

• business strategy – response must be defined early to ensure compliance by May 2018.
• corporate resources – Board-level approval for changes to budgets and priorities will probably be needed.
• product management – GDPR introduces a new decisionmaker to the buying cycle: the Data Protection Officer (DPO).
• product development – GDPR adds new pain points and feature / function sets to product design.
• in-house legal team – review and update of both customer and supplier contracts will be necessary.
• field communications – extends audiences to include customers’ Chief Privacy Officer, legal counsel.
• marketing team – incorporate new messaging, brief agencies, re-prioritise and adapt actions.
• sales – new training will be required to cover additional features, functions, benefits & audiences.
• … all this by May 2018.