Only you have sovereign power over keeping your data and processes innovative - and compliant.
The EU General Data Protection Regulation (GDPR), effective May 2018, was designed to make sure companies and institutions aren’t just paying lip service to personal data protection. Will everything be different under the new data protection law? No. The basic principles remain: The usage of personal data is not allowed unless explicitly permitted by a specific law or if the data subject has given consent for the processing of personal data.
However, the GDPR does mandate stronger rights for data subjects, more obligations for data processors, higher fines for infringement and certifications as proof of compliance.
Many companies believe they’ve already gone through this exercise in compliance with their own country’s individual data protection regulations. They are partly right. They may already have their record of processing activities and guidelines for data collection. However, they still need to do a full audit of their existing data protection policies, procedures and practices and vet these against GDPR. Digital platforms are a competitive advantage when it comes to adjusting business processes to drastic legislative changes like this.
However, digital sovereignty does not only take place within companies. Policy and administration at all levels of government need to work with the IT industry to strengthen trust and security in the digital sphere. Government bodies can take a leading role in promoting innovative and safe digital services for citizens.
The transition to a digital society is one of the key economic and policy tasks for both businesses and governments. Agencies and enterprises face a special challenge in that they need to do more than just digitize their processes. In order to satisfy the constant, rapidly growing demands, they need to design more dynamic and flexible processes.
The objective is to actively shape and drive digitization, adjusting as quickly and coherently as possible to new regulations emerging through the legal transformation sparked by digitization. This is especially true in the field of data protection. It requires us to shed our existing ways of thinking and avoid lengthy implementation processes – to be dynamic.