A) Still taking the appropriate measures to implement it
B) Complying with the requirements imposed by the GDPR
C) Already contributing to making the application of the GDPR a success at European level
If you have chosen A, you admit that you are behind in complying with the GDPR, and you could be held accountable for that.
GDPR came into force on May 25 2018, and the principle of accountability is a cornerstone of this regulation. According to the GDPR, a company is not only responsible for complying with all data protection principles, it must also be able to demonstrate compliance. In fact, if you have not taken enough steps to bring personal data processing operations in line with the GDPR, be aware that the supervisory authorities can take action against your company. And it seems that the fines can get ugly in 2020 (Check the quote!).
If your answer is B, congratulations, it’s likely that your company can already leverage the benefits of GDPR compliance in many ways.
Embracing the GDPR is not just a matter of coping with new European laws, it’s also about proving to your clients that you are trustful and that you take care of data, increasing the confidence they have in your company. Moreover, having a GDPR-compliant framework has forced businesses to improve data security or at least increase security awareness, and therefore, be better prepared in case of attacks, leaks and incorrect data processing operations.
If your choice is C, it means that your company is involved in some initiatives to enhance progress in the application of the GDPR in the EU.
Thanks to their experience dealing with data, some companies are ready to provide valuable inputs in EU initiatives regarding the implementation of the GDPR. For instance, within the European Framework Programme for Research and Innovation of the EU, Horizon 2020, there are projects like PANELFIT that address the implications of the implementation of the new European data protection regulation. In this project, relevant European stakeholders (companies, universities, research institutes, etc.) work together to generate a set of results that will serve at European level to reduce the ethical and legal issues raised in data management when using ICT technologies.
Correct answer: if you want to avoid A, choose to be B, and you will become C
DLA Piper’s latest data breach survey suggests the penalties handed out under the General Data Protection Regulation thus far are not as harsh as they could have been—though that could change in 2020