The EU General Data Protection Regulation is already the new legal standard
- GDPR was adopted in April 2016 and entered into force on 24 May 2016.
- A two-year transition period gives organisations time to introduce compliant business processes: the Regulation applies from 25 May 2018.
After 25 May 2018, financial penalties for non-compliance will be substantial.
- GDPR provisions will be enforced by existing national Data Protection Authorities.
- There are two tiers of administrative fine for non-compliance with GDPR, and in each case the higher of the two amounts applies:
- lower-tier infringements may be fined up to €10 million or 2% of total worldwide annual turnover, whichever is higher;
- upper-tier infringements may be fined up to €20 million or 4% of total worldwide annual turnover, whichever is higher.
GDPR will have far-reaching and permanent effects
- business strategy – response must be defined early to ensure compliance by May 2018.
- corporate resources – Board-level approval for changes to budgets and priorities will probably be needed.
- product management – GDPR introduces a new decision-maker to the buying cycle: the Data Protection Officer (DPO).
- product development – GDPR adds new pain points and feature / function sets to product design.
- in-house legal team – review and update of both customer and supplier contracts will be necessary.
- field communications – audiences extend to include customers’ Chief Privacy Officer and legal counsel.
- marketing team – incorporate new messaging, brief agencies, re-prioritise and adapt actions.
- sales – new training will be required to cover additional features, functions, benefits & audiences.
- … all this by May 2018.