Some people think it’s easier to ask forgiveness than to ask permission. We think it’s easier to be safe, rather than sorry, to say nothing of penalized and poorer.
On 14 April 2016, the EU Parliament approved the General Data Protection Regulation (GDPR). The regulation affects all companies that process the personal data of people in the EU, regardless of where those companies are located and regardless of where the processing takes place. It pertains to the offering of goods or services to individuals in the EU (whether or not payment is required), as well as the monitoring of their behavior within the EU. And it requires non-EU businesses that process the personal data of individuals in the EU to appoint a representative in the EU.
On 25 May 2018, the GDPR will be enforced. Organizations found guilty of non-compliance with the GDPR’s mandates can be fined up to 4 percent of annual global turnover or €20 million (whichever is greater, of course).
You can find an entire website dedicated to the GDPR here. And you can find a thinly veiled infomercial from Symantec, purporting to offer compliance safeguards, here. But you won’t find much practical advice for dealing with the GDPR. So, what to do?
Cautious Common Sense
Since the GDPR is brand new, ensuring compliance with it is something of an inexact science, at least for the moment. But as is always true, an ounce of cautious common sense can be worth a pound of more painful and costly cure.
Accordingly, ahead of the GDPR’s enforcement date — self-evident as some of these steps may be — you might consider the following:
- Read the GDPR and revamp your data-protection protocols to comply with it.
- Mitigate your identifiable risks, particularly of financial fraud or identity fraud.
- Take the initiative in managing change for all employees who collect or process personal data, using automation as much as possible to prevent human error.
- Make your rules for obtaining customer consent clear and transparent.
- Research records-management guidelines to ensure you retain no data longer than required.
- Make sure data protection is an integral part of every business process, including marketing.
- Take the initiative in using your compliance with the GDPR as a competitive advantage.
Given the potential for stiff non-compliance penalization, it’s better to be safe (prepared) than sorry (breached). Everything you do now by way of preparation will pay dividends in 2018.