Johannesburg, 28 Mar 2018
Introduction and executive summary
The General Data Protection Regulation (GDPR) was passed into law by the European Union Parliament in April 2016, with enforcement date beginning 25 May 2018. With the deadline quickly approaching, organisations are running out of time to determine whether and how the regulation applies to them and if so, how to implement changes in their IT processes that may be necessary to comply with the requirements.
The GDPR supersedes the Data Protection Directive (Directive 95/46/EC), which had been the basis of European privacy laws since 1995. Like most governmental regulations, the GDPR is a complex document and in some respects, is open to interpretation. The intent of the legislation is to protect the privacy of EU citizens and standardise the laws across all EU countries.
The good news is that organisations have many tools at their disposal to help them carry out and document the steps that must be taken to meet the GDPR requirements, from identifying the personal data that must be protected, to securing it properly, managing it effectively, and tracking its flow and where, when and by whom it is accessed.
Share