GDPR is an EU directive that comes into full force on 25 May 2018, 14 months from now. How prepared is your business for the change?
Under the upcoming EU General Data Protection Regulation (GDPR) directive, significant financial penalties will be in place for companies that break new rules.
Should private customer data be misused, fines of up to €20m, or 4pc of an organisation’s revenue, could be enforced.
Last December, Helen Dixon, Ireland’s Data Protection Commissioner, began publishing guides on how to understand the upcoming regulation.
The December document came with a warning of how the GDPR gives data protection authorities more robust powers to tackle non-compliance. For those that operate in the energy industry, what does it mean for you?
The GDPR awareness coalition has produced a six-point plan for operators in this industry, highlighting specific areas of concern.
For the smart grid, for example, smart meters will “provide suppliers with insights into personal routines”, which will lead to a “step change” in how much energy data can be managed.
In terms of metering and billing, many suppliers and service companies will operate in orchestrated synergy but, if one suffers a data breach, all could be liable for fines.
In future, the data collated by electric vehicles and connected transport could, conceivably, prove very personal. Again, multiple stakeholders in this area would need to be careful with their complementary rivals.
There are other areas of the GDPR that must be addressed, including the creation of a data protection officer at all public authorities as well as companies that operate with the “regular and systematic monitoring of data subjects on a large scale”.
According to the latest data protection survey in Ireland, almost four in five companies have named a person to oversee data protection, with IT professionals those who are commonly handed the task.
Updated, 10.50am, 30 March 2017: This article was amended to clarify the possible fines organisations could experience under GDPR.