GDPR (General Data Protection Regulation) is the EU's modern framework for protecting personal data. Adopted by the European Parliament and the Council in 2016, it becomes enforceable on May 25, 2018. Its stricter, uniform provisions are intended to raise the level of compliance across businesses, and to give EU citizens and residents more confidence that their personal data is handled securely – especially when they interact with businesses online.
It seems like every day brings another news story about a new security threat or data breach, so it isn’t surprising that we are seeing new and stricter regulations around data protection.
What is GDPR’s effect on your organization?
You might be wondering if this applies to you. Well, if you do business or have employees in the EU, the answer is likely "Yes". The regulation applies not only to organizations established in the EU, but to any organization worldwide that offers goods or services to people in the EU or monitors their behaviour, and therefore collects or processes their personal data, no matter where the processing takes place. Note that it protects individuals who are in the EU, regardless of their citizenship.
GDPR is expected to apply to a huge number of businesses around the world.
Why is this important?
Unlike the 1995 Data Protection Directive it replaces, GDPR carries serious consequences for non-compliance. You have months (not years) to adopt policies and implement appropriate measures for protecting personal data before the new rules are enforced. Fines come in two tiers: up to 10 million euros or 2 percent of total worldwide annual turnover for the lower tier, and up to 20 million euros or 4 percent for the higher tier, in each case whichever amount is greater. Supervisory authorities have made clear that these rules will be enforced, so now is the time to start taking data protection seriously and begin planning for GDPR compliance immediately.
Where do you start?
Many of you probably manage IT operations or data security for your organization, so a good place to start is to evaluate your existing data protection practices. Some organizations might already have a data protection strategy in place that addresses data incidents, but that doesn’t mean all the new requirements are being met. Also, don’t expect to find a single technology to make you instantly compliant. In fact, some requirements can’t be solved by technology alone. A comprehensive GDPR strategy requires a mix of internal process creation, policy changes, and technology.
GDPR encompasses many aspects of data protection, such as collection, processing, adequacy, accuracy, retention, replication, storage, security – and of course specific responses to data breaches. No matter how far along your data protection strategy is, it is important to take a step back and consider asking a few questions to determine the amount of risk that you might be facing:
- Are adequate data collection, processing, and storage policies in place and enforced across the organization?
- Are you ready to handle data subject access requests and the right to erasure (the "right to be forgotten")?
- How will you ensure only the right people have the right level of access to personal data?
- Do you have adequate controls in place to protect data against breaches, ransomware and other threats, and to limit the impact of the security vulnerabilities those attacks exploit?
- If a breach occurs, how quickly do you believe you can detect it, remediate it and communicate it? Keep in mind that GDPR requires most personal data breaches to be reported to the supervisory authority within 72 hours of becoming aware of them.
Take the GDPR Risk Assessment
The five questions above are just the beginning. I invite you to take the GDPR Risk Assessment, brought to you by Ivanti. In just 10 minutes, you will be able to gauge your own readiness and discover how much risk your organization may face around the key data protection requirements. After you complete the survey, we will provide some strategies that you should consider adding to your GDPR compliance plan to help you prepare for the compliance deadline.