With fewer than 500 days until May 2018 rolls around, the countdown to when the EU’s General Data Protection Regulation (GDPR) goes into effect is on.
As a regime designed to help protect personal data belonging to citizens of the EU, GDPR doesn’t just impact firms located in Europe. It’s created to ensure people’s personal information is protected regardless of where it’s sent, processed or housed. Thanks to the internet, this umbrella spans well beyond the EU’s physical boundaries.
Although organizations everywhere will be affected by the heavyweight regulation, there isn’t one foolproof approach to compliance. There are several steps companies should follow if they want to avoid fines of €20 million ($21.3 million) or 4 percent of annual revenue, whichever is higher, which could run to billions of dollars.
So, if you have any connection to European vendors or customers, and are handling their data, you have about a year to prepare. Whether you’re working remotely from your favorite Dunkin’ Donuts in New England or building a team in the heart of Sydney, Australia, GDPR compliance should be your new best friend.
Because companies like Microsoft and Facebook are announcing that they are compliant, it may seem like the GDPR is only applicable to large, global companies. However, small to midsize businesses (SMBs) that are conducting any type of European business, sales, marketing, HR or any other communication or relationships also fall under its mandate. When it comes to GDPR, firms of all sizes need to understand their roles and responsibilities in complying with the regulations.
Due to the GDPR’s lengthy provisions, there’s no “one-step solution” to achieve compliance. Because SMBs and larger enterprises are held to the same standard, below are four recommendations organizations everywhere should follow—regardless of both size and location:
Companies should be thinking critically and strategically when dealing with GDPR compliance since it’s vital to pinpoint where responsibility for data security lies early on. From there, organizations should develop a corresponding response strategy.
To help plan a privacy strategy, businesses can run a complete inventory to show the flow of data throughout their systems. Under GDPR, companies will be held responsible for the loss or mishandling of EU citizens’ data if there is a breach—even if they’re outsourcing the storage or handling of the data to a third party. Having policies in place in the event of data privacy issues will encourage accountability and maintain overall business agility.
Organizations should be prepared to employ companywide controls, policies and procedures for compliance through the help of the legal, IT and security teams. Chief information security officers (CISOs), in addition to the rising data privacy officers, can work together to help manage, direct and guide these teams throughout the entire process.