This post originally appeared on LinkedIn.
January 23, 2017
Organisations will be paying particular attention to their data compliance systems and procedures in 2017 ahead of the General Data Protection Regulation (GDPR) that comes into force on 25 May 2018.
The legislation was approved in 2016 by the European Parliament and will replace the Data Protection Directive, which sought to establish criteria for data and privacy harmonisation across Europe. The penalties for non-adherence can be as high as 4% of annual turnover or €20m (whichever is greater), so it’s not something that companies can afford to ignore.
Quite apart from the fact that the regulation is legally binding (unlike its ‘directive’ predecessor), perhaps the biggest change is that companies outside the EU will also have to comply with the legislation in the context of selling goods or services to EU citizens. This will clearly apply to Britain post-Brexit, even if the government here were to pass different data laws.
Data and compliance expertise
Whilst new regulations such as E-Privacy are being released, there are some key risk areas that need positioning before commencing work on ensuring that personal data infrastructure is secure and robust. These include identifying the personal data organisations hold on their customers, the reasons for its use and the processing that occurs, and tackling consent status, the manipulation and enrichment of data, and the location of physical processing and storage.
With just over a year to go and given the sheer volume of data being processed, organisations need to start planning sooner rather than later, especially in those cases where a complete overhaul of data handling processes is required. Depending on the scale of processing and monitoring, some public and private sector companies may need to appoint Data Protection Officers (DPOs).
Those that are proactive will not only be ahead of the game, but are also likely to win customer trust, which in uncertain times is even more important. The bottom line is that those organisations that are taking data seriously will reap the benefits in terms of improved sales, performance and customer service. Those that are not face crippling penalties and a visit from the Information Commissioner’s Office (ICO).
As I look at the EU GDPR website, there are apparently 486 days to go. The clock is ticking.
Hydrogen is experienced at leading end-to-end business transformation and IT programmes. Whether you’ve only just begun looking at how to prepare for GDPR, or want to make the most of the opportunities your data management solution can provide, please contact us.