UK business and the GDPR - one stop shop
On the other hand, breach reporting will be simpler: under the one-stop-shop mechanism an organisation deals with a single lead supervisory authority rather than facing separate investigations in each EU state where it operates. This will save time and cost, even though the fines will now be far greater than under any national data protection regime.
UK business and the GDPR - data protection officer
The appointment of a Data Protection Officer (DPO) will be mandatory for many organisations, and the DPO will have the job of independently assessing that organisation's data governance stance. Note that the 250-employee threshold cited in earlier drafts did not survive into the adopted text: Article 37 of the GDPR instead requires a DPO for public authorities and for organisations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data, regardless of headcount.
UK business and the GDPR - moving data outside the EU
Data controllers and processors will have to ensure that personal data moved or processed outside the EU (e.g. in US datacentres or the cloud) is transferred only on a basis the GDPR recognises, such as an adequacy decision for the destination country or appropriate safeguards like standard contractual clauses or binding corporate rules. Where a transfer turns out to lack such a basis, this will represent another area of hidden risk.
Re-stating the benefits
Despite the way it raises the bar for compliance and punishment, the pay-off for multinational businesses in particular is that the GDPR replaces 28 different sets of national data protection laws with a single regulation, greatly reducing compliance cost, complexity, risk and uncertainty over reporting. This benefit also applies to firms based outside the EU that operate in its markets. By strengthening citizens' rights to control their personal data, the hope is that the GDPR will also make the EU a haven for personal data and directly influence data governance regimes in other parts of the world.