If your company manages data, in particular personal details, you need to be aware of changes in legislation that may affect your business and prepare methods and practices for securing data handling.
Given the rise of both Donald Trump and Theresa May, there’s never been more focus on regulations in recent memory. But the regulation that is starting to loom largest in the minds of business executives emanates from Brussels rather than Washington or London.
In a little over a year, the European Union is gearing up to implement its General Data Protection Regulation (GDPR) that requires all personal data collected by companies operating within the EU to be centrally managed under the auspices of a chief data protection officer—and regularly audited. Any security breach pertaining to any of that data must also be reported immediately.
But the GDPR doesn’t just stop there. It requires companies to gain explicit permission from individuals to use their personal data and honor all requests to be forgotten, which requires an organization to erase whatever data it may have pertaining to that individual.
Potential fines for violating any of these provisions are downright draconian. Based on the severity and number of violations, a company can be fined up to 20 million Euros or four percent of its annual revenue, whichever sum is greater.
A recent survey of businesses operating in Europe conducted by Osterman Research on behalf of CipherCloud, a provider of compliance monitoring tools, finds that only a little over a quarter of respondents are confident they have the processes in place to manage data in a way that meets the requirements stipulated by the GDPR. Given the fact that those rules are set to go into effect by May of 2018, it’s little wonder that many organizations are starting to panic.
Historically, not many organizations would receive anything approaching a Good Housekeeping seal of approval when it comes to managing data. They typically have multiple copies of the same data strewn across the business. To make matters worse, much of that data consists of personally identifiable information (PII) that winds up being accessed via any number of mobile computing devices that can easily go missing. Right now, the probability that most organisations will lose control over some portion of that data for one reason or another is exceedingly high.
Naturally, a large percentage of the businesses affected by GDPR are going to be looking to IT service providers to help them get their data sorted out. We can assist with everything from implementing data management best practices and data encryption to setting up reporting tools and regularly conducting audits. Many organizations are likely to conclude that it’s both simpler and safer to rely on a managed service provider to perform these tasks on their behalf.
GDPR requirements go well beyond, for example, simply being able to recover data in the event it goes missing. Most of the organisations seeking external GDPR help will be looking for providers capable of delivering a comprehensive suite of data management and protection services. If you want to start preparing for the change, or simply want to discuss your current data management or lack of it, please get in touch with us on 01202 460279.