Plans & PricingSignup for Free

The GDPR Deadline is Friday, May 25. Are You Ready?

By Telmo Silva on May 24, 2018

GDPR Deadline

The GDPR (General Data Protection Regulation) is a European regulation intended to increase data protection for its citizens. Originally announced in 2016, the deadline to comply is May 25, 2018. GDPR replaces the 1995 Data Protection Directive and is widely viewed as a best practice for enforcing individuals’ data privacy rights.

The GDPR applies to organizations in the EU and also includes companies located around the world who are conducting business in the EU. In other words, this is not solely a European regulation. GDPR extends to any company, anywhere in the world, who is conducting business with European companies or directly with European citizens, regardless of their physical location. Any company that controls or processes personal data for citizens of the EU must comply with this data privacy regulation. The fact that company location no longer matters is one of the most significant changes from previous data protection guidance.

As of May 25, 2018, regulators will be empowered to enforce the regulation and impose penalties or fines to organizations not in compliance. Note that the GDPR is a mandate, not a directive as was the previous Data Protection Directive. Consequences for non-compliance could result in fines ranging up to 4% of annual global turnover or €20 Million, whichever is higher.

The Specifics

GDPR provisions apply to all 28 EU member states creating a single standard to which European companies must comply. An important fact within the GDPR is that the regulation holds data processors liable for breaches and non-compliance in addition to the controller of the data. Meaning, it’s possible for both the company that controls the data and its processing partner, such as a cloud storage provider, to be liable for penalties or fines regardless of which entity is actually at fault.

Another important point is that the GDPR lacks clarity around the definition of “protection” for personal data. The regulation states that companies must provide a “reasonable” level of protection for personal data; however, the vagueness of the word reasonable leaves a lot of room for interpretation. This grey area will give regulators some freedom when it comes to assessing fines for data breaches and non-compliance, according to a CSO Online article. It may also create inconsistencies in enforcement.

What to Expect After May 25, 2018

It is yet to be seen how quickly regulators will levy major fines; however, it appears that they will be willing to work with organizations that can prove they are striving for compliance. As long as a company is putting forth ‘Good Faith’ efforts, they could benefit from reduced or postponed fines. Penalties will likely be reserved for companies that blatantly disregard the regulation or fail to comply after multiple warnings. If your company has not yet reached compliance, it is advised that you create a plan to document your progress.

According to an Information Age article, fines, cyber criminal attacks and extortion rates may rise as a result of the new GDPR mandate. The stakes will be higher than ever between attackers, with the ability to acquire and hold captive EU citizens’ personal data and the companies that control the data.

There will undoubtedly be a period of adjustment as companies strive to reach and maintain compliance. Regulators will need time to find common ground for assessing penalties, and unfortunately, cyber-attackers will dedicate time toward creating new methods of corruption. Fortunately, this adjustment period will likely result in a built-in grace period while all parties involved sort out the new world of EU data protection.

Learn more about The Impact of the EU Data Protection Regulation (GDPR) in 2018, in a recent post from Telmo Silva, ClicData CEO.

Table of Contents

Share this Blog

Other Blogs

AI Governance: How to Build Trust and Compliance

AI is making important decisions in various industries, like who gets approved for a loan, who gets hired, and even who gets flagged for fraud. But can we trust these…

The evolution of AI: From Chatbots to Autonomous AI Agents

If you are like me, your use of AI is limited to asking a question on a chat box, potentially refining it a few times and then getting an answer.…

How to Choose the Right Data File Format

The file format you choose for your data is crucial for the effectiveness of your analytics processes. Think of it as the foundation of a building. If it's flawed, everything…
All articles
Privacy is important.
Essential Cookies
Required for website functionality such as our sales chat, forms, and navigation. 
Functional & Analytics Cookies
Helps us understand where our visitors are coming from by collecting anonymous usage data.
Advertising & Tracking Cookies
Used to deliver relevant ads and measure advertising performance across platforms like Google, Facebook, and LinkedIn.
Accept AllSave OptionsReject All