General Data Protection Regulation (GDPR) Infographic
The General Data Protection Regulation (GDPR) is the biggest shake-up to privacy regulation in 20 years.
What is GDPR?
GDPR is a set of rules and regulations designed to strengthen and unify data protection for individuals within the EU, enabling people to better control their personal data.
GDPR will give EU citizens:
• Easier access to their personal data
• The right to data portability
• The right to “be forgotten”
• The right to know about data breaches
New principles under the GDPR:
• Lawfulness, fairness and transparency: personal data must be processed lawfully, fairly and in a transparent manner
• Personal data must only be collected for specified, explicit and legitimate purposes
• Personal data must be adequate, relevant and limited to only what is necessary
• Personal data must be accurate and, where necessary, kept up to date
• Personal data must be kept in a format that permits identification of data subjects for no longer than necessary
• Integrity and confidentiality: personal data must be processed in a manner that ensures appropriate security of the data
• The data controller shall be responsible for, and able to demonstrate compliance with, these principles
Rapid Growth of Global Data
Over one-third of data will live in or pass through the cloud
Experts estimate a
in annual data generation by
of all data is stored by enterprises
Increase in Frequency, Size and Scale of Data Breaches
Cyber criminals compromised more than A BILLION data records in 2014 in more than 1,500 security breaches, equating to 32 records lost or stolen every second
This is a 49% increase in the number of records lost or stolen compared to 2013
in data breaches and a...
In 2005, 157 data breaches were reported in the U.S. In 2014, 783 data breaches were reported – an increase of almost 500%. Despite this, only 28% of security breaches were disclosed last year.
How Will GDPR Affect EU Organisations?
Any EU organisation that collects and stores personally identifiable information (PII) will be subject to the rules and regulations set out in the GDPR. The GDPR applies to any entity managing EU citizens’ data, irrespective of its location.
European countries have two years to comply, by 25th May 2018.
Data breaches must be reported within 72 hours of the breach occurring. Data breaches that must be reported include:
• Confidentiality breaches: unauthorised access to, or disclosure of, personal data
• The unauthorised alteration of personal data
• The accidental or unlawful destruction or loss of personal data
All organisations need to implement a wide range of measures including privacy impact assessments (PIAs), audits, policy reviews and activity records.
What Will Happen to Organisations that Fail to Comply?
• Up to €10m or 2% of global turnover, whichever is greater
• Up to €20m or 4% of global turnover, whichever is greater
Is Your Company Ready for GDPR?
90% of Europeans want the same data protection rights across the EU.