The transition period for the EU’s General Data Protection Regulation (GDPR) is almost over and the legislation comes into force in the next few days. This governs the collection, storage, transfer, processing and disposal of personally-identifiable data, and any company that handles the data of EU residents is affected. Essentially all businesses need to ensure that they have permission to use that data and have processes in place to report data breaches or losses while allowing individuals to check, amend and erase their personal information on demand. With penalties for non-compliance of up to 20M€ or four percent of turnover, this is truly something to take seriously.
The starting point for ensuring compliance is to identify the data in question – which isn’t always as straightforward as it sounds, as it can be held in many different places in an organization. Many businesses are finding that their data is fragmented across application data stores, file shares, PC hard drives, email systems, and other locations, making it challenging to ensure that everything that needs to be protected is covered.
In working towards compliance, it is also necessary to understand which data is sufficiently sensitive and personally identifiable to be covered by GDPR, as individuals could still be identified even with some anonymized data. Consequently, the most important change for many of these organizations will be to introduce a modern data protection system that forms a solid foundation on which to implement the policies and processes necessary for GDPR compliance.
Visibility, Governance, Value Creation/Usage
First, implementing an effective data protection system makes it easy to discover your data, to classify it and to generate the metadata that allows you to quickly locate files and objects while also making it easy to check compliance with GDPR. Also, as storing data on multiple systems is complex to manage, it makes sense to create a consolidated repository as part of the data protection system. This will also enable you to develop new uses for the data (assuming of course that you have the required consent).
The bottom line is that not all businesses are ready for GDPR and unfortunately compliance isn’t something that you can buy off the shelf. Achieving compliance is more of a journey, implemented via processes and policies with the right technology foundation. If you haven’t yet addressed this in your organization, don’t panic! There’s still time to create a road map and start working through it. As a starting point, we’ve worked with leading European analysis and research firm Freeform Dynamics to create some tips for how to create a modern data protection system that will serve as the foundation for you to implement the processes and policies necessary for GDPR compliance.
This is not just about GDPR compliance – ensuring good data hygiene in your company is something you should be implementing anyway. In this way, we think that GDPR will have an entirely positive effect on businesses, since it is providing the nudge they need to have privacy policies, documented procedures and effective data management in place. As a result, companies will benefit from greater agility, be better able to unlock the potential of their data, and realize cost savings thanks to their streamlined systems.
Discover more from the infographic: Dealing with the GDPR challenge – The catalyst for a move to modern data protection.