Erring organisations may face fines of up to €20m
Nearly nine in 10 (88%) Australian organisations are worried that a failure to adhere to the European Union’s (EU’s) upcoming General Data Protection Regulation (GDPR) could have a major negative impact on their business, according to research from Veritas Technologies.
The study expects Australian businesses to spend an average of $1.86m to get themselves GDPR compliant before enforcement begins on 25 May next year.
Some 23% of firms fear non-compliance could put them out of business, as fines could reach up to €20m or 4% of global annual turnover. Less than 30% believe their organisation is compliant, and 46% have expressed concerns that they will not meet the deadline, further data revealed.
Although it was crafted for the EU, the legislation also applies to organisations outside of it if they hold or process personal data of EU residents or offer goods or services that monitor their behaviour.
It aims to enhance data protection rights of individuals in the EU and facilitate the free flow of personal data in a single digital market. It includes oversight over information that can be used to directly or indirectly identify a person, including bank details, posts on social networking websites, medical information.
Among other things, it requires companies to appoint “Data Protection Officers” and to notify clients of a data breach within 72 hours of first learning about it. Individuals will also have a “right to erasure” and a right to know how organisations use their personal data.
Related stories:
Organisations too complacent on cyber risk – report
Data breaches cause for alarm among corporate counsel, survey reveals
The study expects Australian businesses to spend an average of $1.86m to get themselves GDPR compliant before enforcement begins on 25 May next year.
Some 23% of firms fear non-compliance could put them out of business, as fines could reach up to €20m or 4% of global annual turnover. Less than 30% believe their organisation is compliant, and 46% have expressed concerns that they will not meet the deadline, further data revealed.
Although it was crafted for the EU, the legislation also applies to organisations outside of it if they hold or process personal data of EU residents or offer goods or services that monitor their behaviour.
It aims to enhance data protection rights of individuals in the EU and facilitate the free flow of personal data in a single digital market. It includes oversight over information that can be used to directly or indirectly identify a person, including bank details, posts on social networking websites, medical information.
Among other things, it requires companies to appoint “Data Protection Officers” and to notify clients of a data breach within 72 hours of first learning about it. Individuals will also have a “right to erasure” and a right to know how organisations use their personal data.
Related stories:
Organisations too complacent on cyber risk – report
Data breaches cause for alarm among corporate counsel, survey reveals
