In this video, Hadi Hosn, Head of Security Strategy and GRC Consulting in EMEA, provides a quick overview of the EU General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, and highlights some key facts and figures that demonstrate the importance of putting GDPR Readiness Programs in place.
From May 25th, 2018, all organizations that handle EU citizen information are in scope of this regulation, irrespective of where they are domiciled.
I'm Hadi Hosn, Head of Governance, Risk and Compliance Consulting in EMEA for SecureWorks. I'm going to talk to you about the General Data Protection Regulation.
GDPR, or the General Data Protection Regulation, is the first comprehensive overhaul of data protection regulations in the EU in 20 years. It's going to consolidate all of the different regulations across member states into a single, central standard.
It is also the most lobbied regulation in the history of the EU. It had 4,000 revisions before the final draft was released. It will be mandatory as of May 25th, 2018. All organizations that handle EU citizen information are in scope of this regulation, irrespective of where they are domiciled as an organization. Some facts and figures that we have seen at SecureWorks from the General Data Protection Regulation: 4% is a potential fine in relation to a breach of the General Data Protection Regulation, 4% of the global turnover of an organization, or 20 million euros. 72 hours. That is the amount of time you have as an organization to notify the regulator of a data breach from when you detect it.
28,000. That is the number of new data protection officers that are going to be required across EU organizations and across all organizations handling EU citizen data. 190 countries are going to be in scope of this regulation. There are so many different organizations working with EU citizen information, and they need to consider this regulation as part of their operations.
There are over 80 new requirements in this General Data Protection Regulation. These include things like Privacy by Design, where you as an organization need to ensure that data security and data privacy are considered as part of all of your programs in the design phase.
Privacy impact assessments. You need to conduct risk assessments and privacy assessments of new projects, new third parties coming on board, new initiatives that you have. Given those key facts, organizations need to have GDPR Readiness Programs.