We have reached the point at which there is just one year left before the EU’s General Data Protection Regulation arrives in full force; this fact may prompt fear, satisfaction or, in the worst case, confusion. GDPR will tighten up the rules on how organisations handle their information.
GDPR could mean massive, multiplying fines mounting up to 4% of a company’s annual turnover if it fails to meet the new standards; it is thought that fines could be large enough to drive some companies to extinction. Even in light of these perilous risks, there are still many who are not aware of the incoming legislation.
With just one year to go, it really is time to address this change, and put your organisation into a position where ultimately it can benefit from the heightened control over data by being compliant with the rules. Organisations that are leveraging technologies like cloud and automation may find GDPR easier to handle, as they will possess the agility to manoeuvre quickly and efficiently.
This is not just an IT problem
Robert Coleman, CTO UK&I at CA Technologies said: “One year from today the GDPR will come into force and any organisation, anywhere in the world, that processes EU citizens’ personal data must comply with it. Compliance will be no mean feat for anyone, no matter their size, requiring vast amounts of time and resource. The first step to getting ready in time is to create a cross-functional programme of work containing representatives from Legal, IT, HR, Business Units. This is not just an IT problem! …The GDPR introduces a move toward privacy by design, meaning that organisations will have to build safeguards into processes, such as testing and development, from beginning to end.”
Data may have to be moved
Peter Godden, VP of EMEA at Zerto said: “Businesses need to be prepared for the possibility that critical data may have to be moved into or out of Britain to align with the new compliance regulations. This is where having a good business continuity plan in place is crucial. The fact is that many businesses will struggle to move mission-critical data across different systems without experiencing at least some downtime – where even just a small amount of downtime can result in large hits both financially and to a brand. Uninterrupted operations are possible in this difficult data migration process, but can only be achieved when an organization’s BC/DR plan is easy to test, easy to implement, automated and cloud friendly.”
It is not just about protection, data storage is crucial too
Matthew Bryars, CEO and co-founder of Aeriandi said: “Most businesses record customer calls to train staff, improve their customer service, and comply with legal requirements to ensure the privacy and protection of customer call data. But with less than 12 months to go, many businesses have not considered the impact GDPR will have on these processes. GDPR will give customers the right to have any of their personal call data erased, which places more stringent requirements on the storage and backup of customer voice recordings. Businesses will need the ability to archive, store and, crucially, retrieve call data quickly, following a customer request.”
Geoff Barrall, COO of Nexsan said: “One way for CIOs to avoid falling foul of GDPR is to evaluate current IT infrastructures and create a purpose-built data storage environment that stores data securely. Whether cloud-based or physically onsite, it’s key to ensure that the storage solution provides the required flexibility and agility, while keeping customer data secure and top of mind.”
GDPR does not just apply to organisations in Europe
Richard Lack, Managing Director – EMEA, Gigya said: “It’s also important to understand GDPR doesn’t just apply to organisations in Europe. Any organisation, anywhere in the world, collecting personal information from EU residents must comply. The result: Existing third-party data in the EU is gone, and no new data will flow to data brokers as a replacement.
“Businesses must, therefore, ensure that they have compliant systems in place to prevent a mass consumer ‘opt-out’ when the new regulations are enforced or even worse, face hefty penalties for non-compliance, with fines as large as four per cent of annual revenue.
“For many, this will mean reviewing what structures need to be implemented to remain compliant while ensuring the optimisation of customer needs and the associated need for transparency surrounding the use of their data.”
Have a 360 degree view of data movement
Dr Jamie Graves, CEO at ZoneFox said: “GDPR is all about data, and that’s where companies need to start. It is imperative that they have a full, 360-degree view of data entering, leaving and being stored within their business. This visibility can then be used as a foundation to assess and restructure processes in order to ensure compliance. Although complicated, GDPR also presents companies with an opportunity. With data breaches becoming increasingly common and personal, by being compliant companies can demonstrate their commitment to data security and privacy. After all, it’s not just money companies have to lose – their reputations are also on the line.”
GDPR is an opportunity
Gordon Morrison, Director of Government Relations at McAfee said: “GDPR presents an opportunity to get the necessary budget and procedures in place to revolutionise an organisation’s approach to and culture around cybersecurity. Two-thirds of large firms (68%) identified at least one cyber security breach or attack in the last 12 months. Achieving compliance by May 2018 is critical, but it will be an ongoing requirement and organisations should see GDPR as an opportunity to perhaps reassess and adapt the way they deliver secure services to clients.”