The GDPR Deadline is Near: Are You Prepared?
The new European privacy regulation, the General Data Protection Regulation (GDPR), which takes effect in May 2018, is set to change the way personal data is collected, stored, and used. Companies that handle the personal data of EU citizens have to comply with the regulation, which mandates strict protection requirements. The penalties for non-compliant companies can go as high as €20,000,000 or 4% of worldwide turnover, whichever is greater! According to a recent study, merely 6% of UK marketers feel they know the implications of the new EU regulation for business. The GDPR Benchmark Report states that less than one-third of enterprises tag ‘sensitive data’ and that roughly ‘40% do not know how data is treated or processed throughout its lifespan.’ While governments and companies in the EU have been preparing themselves, companies outside the EU are relatively uninformed about how the GDPR will affect their business.
How Does GDPR Affect You?
Organizations, whether established in the EU or not, are subject to GDPR compliance if they process the data of users located in the EU. This may affect non-EU businesses such as e-commerce businesses and online advertisers with websites directed at the EU. The implementation of new rights, particularly data portability, is likely to present significant technical and operational challenges for businesses.
Within each member state, a mandatory Data Protection Officer must be appointed to oversee the implementation and enforcement of GDPR. This official will be involved in core activities, including regular monitoring and the handling of data subjects.
Priorities to Prepare Well For
The General Data Protection Regulation will strengthen the data privacy rights of users, but there are many aspects that organizations need to consider to keep up with the upcoming change. Here’s what businesses need to do to prepare for an effective implementation of GDPR:
- Data minimization, storage limitation, and purpose limitation are important principles in GDPR. Don’t collect more information than required, and store it only for as long as you need it.
- Organize an information audit and review current privacy notices. Update procedures to ensure all rights are covered, including the factors that fall under privacy by design.
- Consider onboarding a Data Protection Officer who can shoulder the responsibility for data protection compliance.
- Have the right measures in place to investigate, detect, and report a data breach.
- Refresh and assess how to manage and record consent as per the GDPR standards.
Impact on InfoSec
With the enforcement of GDPR less than a year away, firms are being pushed to invest in data protection. Information security will play a major role in this migration, as policies and practices built around the business model will have to be altered. This will be a critical moment for information security professionals to support GDPR by ensuring that all IT security controls are in place. GDPR Article 32 encourages organizations to certify compliance with an information security framework, and adherence to such a framework may also reflect positively on the information security program. A GDPR assessment can be conducted to identify potential gaps and evaluate the quality of the various supporting information security processes.
GDPR may just be the most serious compliance concern for CFOs this year. However, by creating a single set of regulations aimed at protecting the data privacy of residents, GDPR harmonizes and simplifies the regulatory environment. Data privacy protection undertaken for compliance also works as a defensive measure, since it addresses the growing cyber security risk. The cyber insurance market will likewise be driven to reassess its current coverage to ensure that it covers potential GDPR-related incidents. Another advantage is that adequate data records will be maintained, which will make it easier to track and disclose data breaches.
NIIT Technologies can help you be ready for GDPR compliance through its end-to-end comprehensive solution framework that handles all issues from assessment to security.
Contact us today to learn more about the integrated solution for your journey to GDPR compliance.