Recently, the world has seen unprecedented privacy breaches as the global population sees the gradual but unavoidable shift of information into cyberspace.
In Malaysia, it has recently been reported that major privacy breaches, which may have affected almost the entire population, resulted in personal information (for example, mobile phone numbers, identification card numbers, home addresses and SIM card data) belonging to some 46.2 million mobile phone users being leaked. The gravity of such breaches cannot be overstated, particularly where the information leaked allows criminals to commit identity theft.
What is GDPR?
GDPR (General Data Protection Regulation) is new legislation that applies to all companies that collect, store and process any data belonging to EU citizens.
The GDPR is a framework set to harmonize data protection regulations across the member states in the European Union (“EU”).
The GDPR tries to strike a balance between ensuring a high level of protection for the privacy of individuals and the free movement of personal data within the EU.
Fundamentally, almost every aspect of our lives revolves around data. From social media companies to banks, retailers, hotels, service providers, hospitals, manufacturers, IT companies and governments, almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more are all collected, analysed and, perhaps most importantly, stored by organizations.
Why has it been introduced?
The GDPR was approved by the EU Parliament in April 2016 and came into effect on 25 May 2018. The main reason for the introduction of GDPR is to provide people with more control over their personal data. Its main purpose is to focus on and alter the way in which businesses acquire, store and manage people’s private information.
Ignorance is not a defence
The years after 2018 will see the biggest change in data protection and privacy. It will have a global impact on companies of all sizes, public sector and government organisations, charities, professional bodies and associations. With stricter rules and greater consumer and business awareness of rights, privacy has become the “new normal” for all businesses. But how does privacy become embedded in your business strategy and part of your business model? GDPR is setting the tone for data protection, and although the enforcement date was 25 May 2018, the regulators accept that many organisations struggle to be fully compliant by then.
What if organisations don’t comply with the GDPR?
Organisations could be slapped with hefty fines of up to 20 million euros (approximately RM 95.35 million) or 4% of the business’s total worldwide turnover, whichever is higher.
Implementation of GDPR in Malaysia
The implementation of the GDPR means that businesses and companies in Malaysia that are required to comply with the GDPR have to conduct internal assessments in order to ensure compliance with the GDPR by 25 May 2018 or risk the imposition of fines and penalties.