On 25 May 2018, data protection law in the EEA will experience the biggest change in over 20 years as the European General Data Protection Regulation 2016/679 (‘GDPR’) comes into force. As a regulation, the GDPR will have direct effect in Member States – including the UK – without any need for further implementation. Failure to comply can lead to major new levels of fines, up to €20m or 4% of worldwide annual turnover, whichever is higher.
While many parts of the GDPR incorporate a risk-management approach, there are major strict obligations that cannot be avoided:
Those in a good position with data protection now are in a good position for their GDPR project. Those starting out need to move quickly. The key is to move forward with an efficient, commercial and expert approach: there are many myths and misleading statements out there.
Whether you’re looking for assistance with general or specific concepts, tackling your GDPR compliance project, reviewing your processing arrangements, training your staff or modelling your ongoing governance and compliance processes, contact us to see how AmberGateTM can help.
With over 20 years of experience advising on the commercial interpretation of data protection laws and guidelines, AmberGate is highly skilled in interpreting the regulatory environment into actionable risk-managed-based compliance programs in this core risk (and reward) arena.
LEARN MORE ABOUT PREPARING YOUR ORGANIZATION FOR GDPR