In the last edition of our series, we review what you can do to be ready for compliance.
Welcome to the final edition of our 5 Things for 5/25 blog series, where we’ve explored what organizations needing to comply with the EU General Data Protection Regulation (GDPR) must consider as the enforcement date approaches.
Well, now the implementation date we’ve been talking about for years has nearly arrived. Starting on May 25, the rights EU residents have over their data and what organizations holding that data can do with it changes forever.
So, before the regulation kicks in, take a step back and evaluate whether your organization has done these four things as part of its GDPR compliance strategy:
No matter where you’re headquartered or what industry you’re in, your GDPR game plan cannot rely solely on your IT, legal or compliance teams. You need a cross-functional GDPR team. If you can’t hire a whole new staff right away, you can assemble your team within your organization to oversee GDPR preparation and risk management.
What you can do:
Compliance with GDPR means taking a long look at procedures and processes around how you handle sensitive data for EU residents. Inevitably, things pop up that you don’t expect or that you didn’t prepare for.
For example, you could be surprised by the number of places where customer data lives in your organization, and these could all be potential risks for GDPR violations.
However, with the right approach, you can be ready to handle what this fundamental shift in data privacy and protection may toss in your direction, including data breaches, the definition of personal data, Subject Access Requests and risk management.
Many see privacy and security as one and the same, but in fact they are distinctly different. Understanding these differences is crucial to defining the policies and protections required for GDPR compliance.
This may oversimplify a complex area, but privacy decisions focus on what personal data to collect, who can access it and when, how it is used, with whom it is shared and how long it is kept. Security represents the technology and controls that safeguard personal data from unauthorized access, maintain its integrity and ensure it is available when needed. Think of it like this: security is locking the windows of your house, but privacy is having the ability to draw the shades or blinds.
Privacy principles are at the heart of GDPR, and enforcing them requires the right technology, processes and behavior. So it’s not an ‘either/or’ but an ‘and’: privacy and security should work together to achieve the best result.
Requirements under GDPR have resulted in wholesale changes in how organizations handle the privacy of EU resident data. In the past, approaches like privacy by design or seeking express consent to use personal data were more “nice to have” items as opposed to necessities for many.
Now, organizations should bake those practices into their data collection and handling processes, which in turn causes many to re-learn or re-think the way they’ve done things for years. And that’s creating some uneasiness.
While some 60 percent of global organizations aren’t completely confident their organization will be compliant by the deadline (according to new Vanson Bourne research), you can grow your confidence by taking the time to review the people and processes you’ve put in place to support your compliance efforts.