Ready for GDPR?

Ready for GDPR

On 25 May 2018 the European Union’s GDPR data privacy regulation will come into effect. The GDPR will be used to enforce the new directive for data collection and storage. It will apply to all businesses and organizations established in the EU, regardless of whether the data processing takes place in the EU or not. But how will it impact your business and what preparations are needed to comply with the new regulations? We have put together some of the possible business implications it can have and steps to take in order to comply with the new regulations.

Possible impact 

Not only will the GDPR regulations apply to all businesses in the EU, but also to non-EU established organizations are subjected to GDPR if their business offers goods and/ or services to citizens in the EU. 

Consent is a key factor in the new regulation. Under the GDPR, consent must be ‘given freely, specific, informed and unambiguous’. This means contacting your customers will need a whole new approach as you have to be able to prove that the individual agreed to receiving a newsletter for instance. It is no longer allowed to assume or add a disclaimer, and providing an opt-out option is not enough. This means marketing and sales techniques will need to be reviewed as well as business processes, forms and disclaimers. 

If there is a real risk of serious breaches of privacy in the activities of an organization, due to the amount of data processed, the nature of the data or the frequency of the processing. A company will need to appoint a Data Protection Officer (DPO),tasked to inform and advise on handling personal data. 

When the regulations come into effect, companies and organizations who don’t comply with GDPR will be faced with pretty hefty fines that can go up to 4% of annual global revenue or 20 million Euro. 

How to get ready

Start by finding out where all the personal data in your entire business comes from and map out what you do with it. Identify where the data is stored, who can access it and if there are any risks to the data. Introducing identity management allows you to restrict access to certain resources within a system. Identity management can help in defining what users can do on your network, depending on several factors including the person’s location and device type. 

A next step can be the implementation of (additional) security measures like encryption software, businesses can prevent unauthorised access to digital information on your servers and clouds. The appointment of a Data Protection Officer (DPO), even when it is not mandatory, can help in putting data protection on the agenda. 

You should consider investing in GDPR compliance specialists. This way you can avoid costly fines because of discrepancies with the regulation. The GDPR will impact on many levels so having someone who knows what to look for can take a lot of work out of your hands and ensure your organisation is compliant with the new regulations.