On February 28th, AmCham hosted an open-for-all event focused on the upcoming General Data Protection Regulation (GDPR). The session was facilitated by PwC’s Ivan Mishev and Daniel Jordanovski, covering the requirements needed for businesses to implement the GDPR and protect the personal data and privacy of EU citizens.
In the first part of the session, Ivan Mishev focused on GDPR’s legal aspects and the strict new rules around protecting customer data, which is expected to set a new standard for consumer rights. He gave several examples on GDPR’s wide view of what constitutes personal identification information and explained key legal terms incorporated in the regulation, such as providing a “reasonable” level of protection for personal data, stressing that the regulation does not define what constitutes “reasonable.”
Daniel Jordanovski focused on the actual GDPR implementation challenges and how they influence the businesses, their employees, partners, customers and legislators. He emphasized that the time is running out to meet the deadline, so businesses need to know about the GDPR and its requirements. Many of the requirements do not relate directly to information security, but the processes and system changes needed to comply could affect existing security systems and protocols.
Over 60 participants, raised many interesting questions, ranging from “micro” obstacles that their businesses might face, to “macro” challenges that tackle the eventual transposing of the GDPR in the Macedonian legislation.
The group concluded that the GDPR leaves much to interpretation and it gives the GDPR governing body a lot of leeway when it comes to assessing fines for data breaches and non-compliance. AmCham will continue covering the GDPR’s policy aspect with continuous discussions within AmCham’s Committees and a separate event focusing on GDPR’s IT implications, that will be held in the near future.
PwC Macedonia’s presentation – available here.