Data Protection what you need to know

Is your company ready for The General Data Protection Regulation (GDPR) when it’s introduced in early 2018? If you’re asking yourself what GDPR is and why it’s relevant to your business, then you’re in the company of 82% of the 821 companies surveyed by Dell who also haven’t heard of it.


Back in the early 90s, when technology giants such as Amazon and Facebook were unheard of, the first data protection laws were introduced. Whilst the modern world of consumer buying has changed dramatically and e-commerce is the new norm, the legislation that protects consumer data and governs how companies handle it hasn’t advanced. In an effort to unify data protection legislation across the 28 EU states, this new piece of legislation will provide a single European-wide framework, removing the complexities that businesses currently face in complying with multiple local regulations across the EU. In effect, GDPR will unify EU data protection legislation so that there is one set of rules.

Some of the key features of GDPR will have an impact on companies’ security requirements, meaning existing processes and technology will need to be reviewed and changed to ensure compliance. Areas of tightened legislation are:

  • Personal data – e.g. IP addresses that can identify a user’s device will be regarded as personal data.
  • Data breach – excluding encrypted data, this is defined by the GDPR as an action that leads to “the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
  • Continuous compliance and audit – there is a strong recommendation to carry this out weekly or even daily, and at any point an auditor can ask a company to demonstrate compliance.

Applicable to companies employing 250 employees or more (with some exceptions) who collect the personal data of EU citizens, there is a recommended 2 year implementation period to be GDPR ready, and hefty fines for companies who aren’t compliant. Most companies should have started long ago. Has yours?


If not, talk to us about how we can help.