In December 2015, the European Commission finalised the rules of the General Data Protection Regulation (GDPR). Intended to enhance personal data protection within Europe, the regulation came into force in May 2016, with a period of grace ending on 25th May 2018.
Organisations must prepare themselves to comply with this mandatory piece of legislation – the time for burying heads in the sand has clearly ended. The GDPR is no longer just a blip on a long-range weather forecast; it can seriously damage a company’s reputation and leave a large hole in its financial statement. Did you know you could be fined up to €20 million or 4% of your annual global turnover, whichever is greater? How is it even possible to incur such a fine?
Here is what you need to do:
- Processes: In order to comply with the regulation, you must develop appropriate data management processes at both a technological and an organisational level – such as minimising personal data usage and using encryption.
- Cleanse: You must erase data when the individual withdraws their consent for its usage, and you must respect the individual’s rights of access to and rectification of that data.
- Standardise: The regulation intends to create a more standardised approach to data management across the currently disparate European states, as well as ensuring a standardised experience of data handling for any end user within the region.
- Location: The regulation will apply not only to businesses residing and operating within the EU, but also to those outside of the region that process personal data collected within the EU, as a result of services or goods provided to citizens.
Our tip is a two-step approach to ensure you are fully compliant with the latest laws:
- Mix the art of business with the science of technology: IT must offer pragmatic guidance that remains adaptable to the needs of the business, yet clearly enables compliance to be achieved by May 2018. Internal teams, lines of business and, most importantly, employees will need to change their day-to-day use of data. This will require guidance, support and training to ensure a smooth transition away from established internal habits.
- Work together: All stakeholders in data management must be involved; this isn’t just an issue for IT to handle. Responding to the GDPR is going to require a strategic change within the business as a whole. Everything from acquiring customer information to managing, storing and using it will require several teams working together and agreeing on a standard process. If the Board is not in consultation with IT, and vice versa, organisations will struggle to adapt meaningfully. The most effective IT organisations will be those that work in cross-functional teams. This means transparency in reporting, proactively seeking legal involvement, a budget to deliver against and a clear set of objectives.
This blog is part of our ‘DC – DC: Data Centre Digital Classroom’ series, which helps you enhance your knowledge of key issues currently affecting our industry. You can now download the free full guide here.