The clock has started ticking! 

On 14 April this year, the EU adopted the wording for the General Data Protection Regulation (GDPR). This will have a significant impact on an organisation's data protection practices and obligations, and will replace the existing data protection legislation.

While businesses have a two-year transitional period to comply, there is a lot to be done, particularly if an organisation already has areas of weak compliance with the existing rules.

The key changes being brought in through GDPR are:

- broader territorial reach

- wider definition of personal data

- increased sanctions - fines of up to €20m or 4% of global turnover

- significant notification obligations in the event of a data breach - notification within 72 hours

- increased obligations on data processors

- a one-stop shop for data protection compliance and supervision

- significant obligations on demonstrating compliance

- certain requirements to appoint data protection officers

- significant obligations on obtaining consent

- rights for individuals to move their data to other service providers

It is now essential that GDPR compliance is put on the leadership agenda. Organisations should carry out a gap analysis to identify their main areas of compliance weakness. They then need to prepare project plans to plug those gaps. It is likely that early fines will be handed out to show organisations that data protection authorities across the EU are serious about enforcement.

The GDPR will enter into force 20 days after its publication in the Official Journal, which is estimated to happen sometime between May and July 2016. This means organisations will need to be compliant by May/July 2018.

Are you getting ready?!