Are You Ready for GDPR?
  • Reporter Byeon Eun-bi (변은비)
  • Approved 2018.03.19 09:00

One of the most important information security issues today is the implementation of the EU’s personal information protection laws, known as the General Data Protection Regulation (GDPR). These laws were issued in 2016 by the European Parliament. They are integrated regulations intended to reinforce the protection of European citizens' personal information. It has taken two years to implement these laws, and they will be enforced in each EU member country beginning May 25th, 2018. Because these laws protect European citizens’ personal information, you may think that they are not related to our country. However, the implementation of this law should be observed closely, because every corporation in the world that collects and processes data from European citizens must comply with GDPR. The law must be applied equally in all 28 EU member countries. It is so complicated that most businesses are expected to need a large investment to meet the laws and to set up management teams. There are three bills to know concerning the GDPR.

The first bill deals with the application of GDPR. The GDPR applies to individuals in the European Union who do not have a place of business in the EU, but who process personal information of residents in Europe. Also, it affects how sensitive personal information of 250 employees is handled.

The second bill deals with the range of personal information covered by GDPR. This range includes basic information such as name, address, ID, location and web information. It also includes health and genetic information, racial or ethnic information, political opinion and sexual orientation.

The third bill has to do with punishment for violations of GDPR. For example, if information processing rules such as consent requirements and transfers to other countries are violated, the entity in violation must pay 4% of its worldwide annual turnover, or 20 million EUR (approximately 26 billion KRW). Also, because decisions on whether or not to levy penalties are made by member-state oversight bodies, this can be one of the main reasons for compliance with GDPR.

Likewise, although European privacy regulations are emerging as a risk factor for all industries, there is concern that domestic and overseas industries are not aware of their seriousness. Domestic European companies, except for some major ones, have not prepared solutions for the changes brought by the regulations. According to a questionnaire survey conducted on 100 entrepreneur companies related to the EU from February to March this year, 61% of the entrepreneurs responded right after the survey that they cannot finish the preparation for GDPR by May 2018. The situation is the same for European companies in other countries. According to a report released by NTT Security in July 2017, 20% of the global entrepreneurs outside of the EU have no idea how it will affect their business. Therefore, businesses should take action to prepare for the changes of GDPR. First, businesses must hire or appoint an information controller, an information processor, and an information protection officer to make sure they are in compliance with the GDPR. Second, business plans need to be reviewed and updated to make sure they meet the GDPR requirements. Third, businesses should implement risk mitigation measures for GDPR, identifying the risks and the methods of relief. This means that most corporations need to revise their existing risk mitigation measures.

Finally, GDPR requires companies to report an information infringement within 72 hours, so whether a company will be penalized for violating the rules depends directly on how effectively the response team minimizes the damage. Appropriate reporting and response systems should therefore be in place to avoid big penalties. This regulation must be continually observed. Many companies are affected by GDPR, and if a company violates these laws, it pays a fine. Therefore, we should pay close attention to this bill and establish a standard response for corporations at home and abroad.

