Businesses face a daunting task to comply with the new EU General Data Protection Regulation between now and May 2018. But Exchange Communications MD Tom Sime lists several ways companies can robustly futureproof their operation to their significant benefit.
Amidst the threat of eye-watering fines equating to almost £18 million, every company has to formulate a policy on the EU General Data Protection Regulation (GDPR) between now and May 2018.
GDPR undoubtedly represents one of the biggest changes to data protection laws in the last 20 years, and businesses absolutely must be prepared for this seismic shift in the IT landscape.
In fact, you need to get started today - it’s that simple. Yet, the situation is complicated and multi-faceted too.
While the move should mean that data protection is improved for individuals within the European Union, companies are scrambling to keep up.
They will have to show that they are treating data securely, will be required to obtain an individual’s consent to store and use their data, and will have to explain how it is used, but of course some won’t have the resources to do that.
Furthermore, many businesses are appointing a data protection officer (DPO) to specifically look after this area – another drain on resources that many businesses could perhaps do without.
Worse, panic could start to set in for those who are ill-prepared ahead of the big deadline, and no wonder, the potential fines for failing to comply are vast – 20 million euros or four per cent of annual global income, whichever is greater.
One of the results of the legislation is that companies will have to observe ex-employees’ ‘right to be forgotten’.
More specifically, they will be able to request that their personal data is not only deleted, but also that it won’t be shared with third parties.
The good news is that companies who are able to robustly futureproof their operation will likely see significant benefits from compliance.
For example, with data protection regulations becoming uniform across Europe, they will no longer need to seek advice from local lawyers to ensure compliance in any given region, thus reducing ambiguity and increasing savings.
So what’s the best next step that your business can take ahead of the May 25 deadline?
Conducting an audit of existing data and current practices, would serve to mark out an effective strategy in the initial stages of moving towards compliance.
Invest in a joined-up approach
Amidst the GDPR clamour, investment in other solutions may also be worth considering in order to ensure a highly joined-up approach.
Businesses will need to conduct a thorough review of the data they have that might be covered by the law, so why not automate the process?
Get the software
Data discovery software is set to lead the way by searching out and identifying personal data risk areas ahead of the deadline and thereafter, providing a reassuring safety net. This will be something that we will be able to offer clients, helping them to prepare their business in the best way possible.
In effect, it accelerates GDPR compliance by exposing potential areas of concern and allowing businesses to address them quickly and effectively, while providing a single interface through which to search and compile data in one place.
Such software also useful for profiling data and helping your team respond to data requests in a speedy and efficient manner, facilitating a well-defined process from request to response.
Assess your risk effectively
With so many applications storing or transmitting personal data, not to mention business devices which may be insufficiently protected, it’s hugely important to assess your risk effectively and pinpoint where exactly data may be lost, whether it’s on-premises, in the cloud, or on mobile.
It’s a great and effective way to kick-start a comprehensive GDPR compliance programme and stay ahead of the new legislative demands.
For more information on GDPR solutions to help your business, contact Exchange Communications today on 0800 008 7600 or at www.exchangecommunications.co.uk