On May 25 the new RGPD comes into force. It makes companies responsible for data protection and fine-tunes the old directives in the face of technologies such as Big Data. At TBS, it is considered unlikely that all European SMEs will be able to meet this deadline, which entails changes such as new positions, like the person responsible for the data, together with cybersecurity technology for the company itself. TBS has estimated the demand for data managers at 75,000.
The upcoming entry into force of the new General Data Protection Regulation (RGPD) on May 25, 2018 will be a great challenge for many SMEs operating in the European Union. To comply with the new regulations on user protection in the processing of data, they already have on their agenda new requirements for consent, notifications about security breaches, and the figure of the data protection delegate (DPO).
The aim of this new regulation is above all to protect European citizens against the fraudulent use and treatment of personal data. Gregory Voss, Juris Doctor and law professor at TBS, and Stanley Claisse, a lawyer specialized in intellectual property law, information technology and telecommunications, analyzed the key points of this new regulation at the Matinals of Research organized by TBS, Toulouse Business School.
According to Gregory Voss, the EU proposed the RGPD so that the new regulation can respond to numerous technological developments, such as Big Data, biometric storage and other technologies that the former directive of 1995 did not contemplate.
That directive was not adapted to the new technologies and, according to Voss, also presented disparities between the member states, which transposed the Directive with many differences; the harmonization of regulation is, therefore, an objective of the reform.
Corporate responsibility: a great challenge for SMEs
The philosophy of the new regulations for the protection of personal data focuses firmly on corporate responsibility. On the one hand, this will oblige companies to demonstrate at all times that they comply with the legislation, generating changes in the governance of companies, which should hire suitable profiles.
An estimated demand of 75,000 data protection officer positions
These “representatives of personal data protection” will have the task of analyzing the company's processing of personal data and ensuring compliance with the rules. Demand is estimated at 75,000 jobs in this sector. Stanley Claisse explains that “for SMEs, this new regulation is a great adaptation challenge while large companies have already taken action and many of them already have a data protection delegate (DPO). While large companies have already prepared for these regulatory changes, SMEs will take longer to adapt. Expecting that they will comply with this new regulation in the first six months is something difficult to think about. It will be a long journey and will require regularity to verify the compliance of the data.
The positive side, technology for the company’s own security
On the other hand, corporate responsibility is expressed through the requirement that all companies, and not only Internet access providers, inform their clients of possible cases of piracy in their databases. If they do not fulfil these obligations, companies are exposed to serious financial penalties that can reach 4% of annual turnover for any of the violations.
Although the objective of this new regulation is, first of all, to minimize the risk of personal data violations and subsequent damages, its effect will be beneficial for the level of corporate security. To protect personal data, companies will implement computer security tools, encryption and access control. These reinforced obligations should contribute to the overall improvement of the security level of information systems and have a preventive effect on cybercrime.