Today’s companies hold a lot of personal data, but few of them have a comprehensive picture of exactly where that data is held or how it is protected. In a world where supply chains are getting longer and technology is enabling more outsourcing of data storage, managing customer data safely and effectively has become an increasingly complex task. Until now, many organizations have not processed personal data in a protective and secure way and have not addressed these vulnerabilities.
Now that is about to change with the new EU regulations.
What is GDPR?
The General Data Protection Regulation (GDPR) unifies the way that companies located or operating in the EU process personal data. The new Regulation requires all companies that process personal data to comply with it no later than 25 May 2018. The fines in case of breach are severe: up to 4% of the company’s global turnover or 20 million Euro, whichever is greater. The requirements your company needs to comply with are complex, and most IT professionals admit that they are not prepared for them.
What does GDPR mean for you?
To comply with the GDPR, companies will need to make changes not only to their administrative processes, but also carry out a lot of technical upgrades and changes, even to their network infrastructure.
These will pose greater challenges for the management and the IT departments of companies, and some of the changes will require a lot of time and resources.
Furthermore, certain companies must now have a Data Privacy Officer (DPO), who will be responsible for data security management. This can be a staff member or an outside consultant.
Your company will also have to ask individuals for their consent for each processing of their personal data. This process must ensure that control over their data remains in the individuals’ hands.
Another important change is the need for proactive governance of third parties who process information. The increased use of outsourced vendors and suppliers means organisations must take care to identify where and how the information is processed, transmitted and stored, and have clarity over who the designated data controllers and data processors are.
Almost all organizations fall under the jurisdiction of the regulation.
If you think that GDPR does not apply to your organization, ask yourselves these questions:
- Is my organization situated or operating in one of the EU Member States?
- Does my organization store any customer data (names, emails, addresses, etc.) in digital form?
- Is my employees’ data stored in electronic format?
If the answers to these questions are Yes, then GDPR definitely applies to your company. Don't wait for the last possible moment, as the implementation of the GDPR can take months or even years, depending on the organization.
What can we help you with?
Our team of experts can help you analyse the specific requirements for your company and help you implement them in time to be ready for the GDPR.
As a part of our services we can:
- Analyse the specific data security issues in your company.
- Develop a set of rules that need to be applied in order for your company to comply with GDPR.
- Implement the best practices in data security in your company.
- Offer a DPO as a service