The General Data Protection Regulation (GDPR) is coming. The new regulation – enforced by the European Union – will strengthen and unify data protection across the continent. The main goal of the regulation is to protect data owners, but it will also serve to improve overall corporate data security.
Do you want more detail on the GDPR? Here is all you need to know in a nutshell and the full legal texts organized in neat PDFs.
Harmonizing data protection laws across 28 countries at once is not an easy task, but one with a huge upside: clarity. The downside, however, is equally impactful: harsh financial penalties for organizations that are non-compliant.
Fines can rise to $21 million, or 4 percent of your annual worldwide turnover – whichever is greater. According to a Veritas survey of more than 2,500 senior technology decision makers, almost 40% of businesses are fearful of a major compliance failing. And rightly so. (Tesco Bank fell victim to a data security breach in 2016. Had the GDPR been in force then, it would have been fined $2.3 billion.)
Who bears responsibility for GDPR compliance in your organization? Almost one-third of respondents believe the CIO is responsible. According to the Centre for Information Policy Leadership’s readiness report, everyone is. And so are you.
Google ‘GDPR’ and you will quickly find a torrent of information. As a result, it can be hard to know where to place your trust. That’s why we’re here. We’ve sifted through 4 sets of preparatory drills – one for each type of GDPR manager. Which type are you?
Ideal for charismatic motivators who want to form a widely supported consensus.
Lexology’s article, written by British firm DLA Piper LLP, claims that the core element of GDPR protection is teamwork. You should gather a team of experts from within the organization as part of an integrated approach. Before forming such a GDPR team, however, you need to ensure that senior management buys in completely. Once the team is in place, it will need to work together to identify specific privacy risks and determine how these can be mitigated or avoided.
Ideal for long-term strategists who are looking to use the GDPR to strengthen their organization from within.
IBM developed a five-step approach to identify the aforementioned privacy risks: the 5 Phases to Readiness. Each of the five phases is associated with a specific part of your organization that needs attention:
Ideal for action-oriented coaches who want to have their game-plan ready and approved by experts.
“The most trusted online community for security professionals like you,” that is how Dark Reading presents itself. Jai Vijayan, one of their top contributors, tackled the GDPR guidelines with an equal amount of bravado and expertise. Each of his 6 key points is backed up by expert advice:
Ideal for perfectionist administrators who want to be prepared for each and every situation.
The British Information Commissioner’s Office, or ICO, published a guide called Preparing for the General Data Protection Regulation – 12 steps to take now (PDF, 492 KB). The guide recognizes the similarities with the current Data Protection Act, but also takes into account the increased emphasis on documentation. A summary of their comprehensive twelve-step program:
Whether you are a motivator, strategist, action-taker or administrator – the implications of the GDPR can appear overwhelming. The regulation in general, however, should have a positive impact on your organization.
“GDPR represents an opportunity to consider data privacy compliance more strategically and holistically, as it becomes key to their data strategy and the digital transformation of their business.” – Bojana Bellamy, president of the CIPL.