In this video, Hadi Hosn, Head of Security Strategy and GRC Consulting in EMEA, provides a quick overview of the EU General Data Protection Regulation (GDPR), coming into effect on May 25, 2018, and highlights some key facts and figures that demonstrate the importance of putting GDPR Readiness Programmes in place.
From May 25th, 2018, all organisations that handle EU citizen information are in scope of this regulation, irrespective of where they are domiciled.
I'm Hadi Hosn, Head of Governance, Risk and Compliance Consulting in EMEA for SecureWorks. I'm going to talk to you about the General Data Protection Regulation.
GDPR, or the General Data Protection Regulation, is the first comprehensive overhaul of data protection regulations in the EU for 20 years. It's going to consolidate all of the different regulations across member states into a single, central source of standard.
It is also the most lobbied regulation in the history of the EU. It had 4,000 revisions before the final draft was released. It will be mandatory as of May 25th, 2018. All organisations that handle EU citizen information are in scope of this regulation, irrespective of where they are domiciled as an organisation.
Some facts and figures that we have seen at SecureWorks from the General Data Protection Regulation:
4% is a potential fine in relation to a breach of the General Data Protection Regulation. 4% of global turnover of an organisation or 20 million euros.
72 hours. That is the amount of time you have as an organisation to notify the regulator of a data breach from when you detect it.
28,000. That is the number of new data protection officers that are going to be required across the EU organisations and across all organisations handling EU citizen data.
190 countries are going to be in scope of the regulation. There are so many different organisations working with EU citizen information and they need to consider this regulation as part of this operation.
There are over 80 new requirements with this General Data Protection Regulation. These include things like: Privacy by Design, where you as an organisation need to ensure data security and data privacy is considered as part of all of your programs in the design phase.
Privacy impact assessments. You need to conduct risk assessments and privacy assessments of new projects, new third parties coming on board, new initiatives that you have. Given those key facts, organisations need to have GDPR Readiness Programmes.