It’s impossible to avoid talk of the EU GDPR right now, and with less than a year to go until it comes into effect, it’s crucial that businesses ensure they’re fully prepared. Indeed, my colleague Peter Carlisle wrote recently on just how important this is to a business.
As its name suggests, the General Data Protection Regulation has been designed to increase the protection of data privacy for EU citizens. Extensive and far-reaching, the legislation delves into numerous areas such as data portability and transferability, the rights of the data subject, and the assigning of a data protection officer, to name but a few.
Over this series of four blog posts, however, I’ll be focusing on the data itself; exploring the need to find the personal data across your environment and secure it.
In this post, I’ll begin with a very brief overview of the GDPR to help put your organisation in a position to take appropriate action.
You’re no doubt aware of the basics by now, particularly the deadline of May 25th 2018, and that failing to comply with the new regulation could lead to fines of up to €20 million or 4 percent of your organisation’s annual worldwide turnover, whichever is higher. Notably, a survey carried out toward the end of 2016 revealed that only 41 percent of IT professionals were “fully aware” of these implications.
So it’s important that, to effect the changes needed for your business to be fully prepared for the GDPR, department heads and other leaders throughout your organisation become familiar with the details of the regulation.
As the diagram below illustrates, for example, the GDPR includes a broad definition of “personal data”, and identifies key principles that should be observed when processing or controlling that data. And underpinning all activities related to this personal data is the expectation of data protection “by design and by default”, terms that are referenced repeatedly throughout the regulation.
As I mentioned earlier, the scope of the GDPR is far-reaching and, with less than a year to go until it’s enforced and with these potentially eye-watering penalties set to become reality, it’s important for your organisation to educate itself to ensure it becomes, and remains, compliant.
In my next post, I’ll look at determining the location of personal data within your organisation, and assessing the potential risks that it faces.
In the meantime, here are a handful of many resources available online that you might find useful in bolstering your team’s knowledge of the GDPR.
- EU GDPR Portal: http://www.eugdpr.org/
- The GDPR Awareness Coalition: http://www.gdprcoalition.ie/ (also a LinkedIn group)
- “Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now,” from the UK’s Information Commissioner’s Office
- “The GDPR and You,” The Irish Data Protection Commissioner