The GDPR (General Data Protection Regulation) outlines a series of amendments to the data protection and data privacy requirements applicable to all companies with European customers, regardless of where the company’s headquarters reside.
Some of the proposed amendments include:
- penalties of up to €100 million, or 2.5% of annual worldwide turnover, whichever is greater
- increased territorial scope
- tighter requirements for obtaining valid consent to the processing of personal data
- enhanced restrictions on profiling and targeted advertising
- new data breach reporting obligations
- direct legal compliance obligations for “data processors”
- extended data protection rights for individuals, including the “right to be forgotten” clause
- processing companies—such as third-party vendors or technology service providers—are now subject to regulation and privacy compliance
All indicators point toward a 2017 deadline for sign-off. We’ll have to wait and see which amendments are officially adopted. It sure proves to be an exciting ride. No doubt, cloud providers (if they haven’t done so already) will begin planning for these changes immediately so they don’t fall farther behind the eight ball.