Are you GDPR ready?
As we start the New Year, organisations turn their attention to planning for 2018, budgeting and resourcing. In addition to this usual activity, 2018 also marks the introduction of a new General Data Protection Regulation (GDPR).
The new regulation applies to all organisations that supply products or services in the European Union, regardless of where they are based. The deadline for compliance is 25th May 2018, after which organisations could face hefty fines (up to €20 million), legal costs and a damaged reputation. What’s more, Brexit won’t affect it!
With the increasing number of data breaches hitting the headlines, it was perhaps not surprising to hear the plans for a major overhaul of the rules surrounding data protection. The last significant changes were launched in 1998 and as we know, the way we manage and conduct business has changed significantly during this time.
In summary, GDPR puts “accountability” back at the heart of the regulation, requiring organisations to seek consent to control or process the personal data of every EU citizen they hold. Implementing GDPR will affect the entire organisation, and if a company is found to be negligent in its management (or mismanagement) of data protection, then someone will be held accountable. Key changes include:
- Breach notification – it will be mandatory for organisations to notify subjects of a data breach within 72 hours of first becoming aware of the breach.
- Right to access – subjects will have the right to request details of what personal data is being held and how it is being used.
- Right to be forgotten – or ‘data erasure’, including the removal of personal data and third-party access.
- Data portability – allows individuals to move, copy or transfer personal data easily from one IT environment to another for their own purposes, without hindrance to usability.
- Privacy by design – designing projects, processes, products or systems with privacy in mind from the outset.
- Data protection officers – will be appointed to ensure the company adheres to the regulations.
Personal data, and the way an organisation uses it, is of tremendous value and, if managed properly, can deliver significant competitive advantage.
So, what next?
As a start, ensure your organisation gets to grips with the GDPR’s legal framework and conducts a compliance audit to understand how each aspect of the legislation applies to it. Then appoint a Data Protection Officer (DPO), who will be responsible for ensuring the company adheres to the regulations.
Traveldoo takes data and data security very seriously and will continue to invest and improve as regulation and technology evolve. If you have any questions around GDPR, please contact your Account Manager.
For further information, go to the Information Commissioner’s Office.