The highly-anticipated enforcement date of May 25th has come and gone, but the opportunity to use information governance (IG) to bolster your organization’s compliance with the EU General Data Protection Regulation (GDPR) still exists.
The Information Governance Initiative (IGI) recently released its third annual “State of Information Governance” report. Highlights include a sharp rise in IG projects underway and a shift toward organizations deriving value from properly stored data. Indeed, nearly twice as many respondents (176 percent of prior-year baseline) indicated that they are extracting business value from their information.
While external factors, including data breaches and data privacy regulations, largely drive IG projects, there is mounting internal pressure to reduce storage costs, limit exposure to potential data breaches, and consolidate data. IGI found that respondents overwhelmingly agreed that information governance is an essential component of internal and external cybersecurity.
Below are key takeaways from the report, including respondent results and IGI’s analysis and recommendations.
The European Commission (EC) recently issued online guidance on the General Data Protection Regulation (GDPR), sweeping European Union (EU) data protection legislation that will take effect on May 25, 2018. The guidance is intended to be used as a tool to help businesses as well as the EC, national data protection authorities, EU Member States, and other national administrations prepare for the GDPR. To date, only 2 EU Member States – Germany and Austria – have adopted the relevant national legislation to be in compliance with GDPR.
The Article 29 Working Party (WP29) released two guideline documents, WP259 and WP260, on the General Data Protection Regulation (GDPR) concepts of consent and transparency. Comments on both documents will be accepted by the Working Party through January 23, 2018, after which WP29 will issue final guidance. WP29 is an independent European advisory body on data protection and privacy.
This blog post focuses on WP260, the guideline on transparency. Our companion post on WP259, the guideline on consent, can be read here.
Transparency has long been a fundamental feature of EU privacy law and is an overarching obligation under the GDPR. The draft guideline notes that a central consideration of the principle of transparency is that the data subject should be able to determine in advance what the scope and consequences of the processing entail. Transparency applies in three central areas:
- The provision of information to data subjects related to the fair processing of their personal data.
- How data controllers communicate with data subjects in relation to their rights under the GDPR.
- How data controllers facilitate the exercise by data subjects of their rights.