Toward the end of this month, the European Union will begin enforcement of its General Data Protection Regulation (GDPR). At iuvo Technologies, we just signed our first customer agreement that included line items related to GDPR compliance and we expect to see many more. Is your organization ready to comply as of May 25?
The intention behind the new regulation is chiefly to require organizations to be good stewards of the personal data they collect. It protects the personal data of people in the EU regardless of where that data is processed: under its territorial scope rules, a company with no EU establishment is still covered when it offers goods or services to people in the EU, or monitors their behaviour, and processes their personal data in doing so. Thus, no matter where your company is located or in which industry you operate, if that describes your business, you must be compliant or face significant consequences. If you have been a responsible data collector, you are well-positioned for compliance.
The EU adopted the GDPR in April 2016. It is certainly a landmark regulation that has already had a global reach.
Personal data processing principles
Article 5 of the GDPR sets out six principles for the processing of personal data. Per the regulation, personal data shall be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary for those purposes
- Accurate and, where necessary, kept up to date
- Kept in a form that permits identification of data subjects for no longer than is necessary
- Processed in a manner that ensures appropriate security of the personal data
Failure to comply
Organizations that fail to comply can face fines up to €20 million or four percent of total worldwide annual turnover for the preceding financial year, whichever is greater. That is the upper tier, reserved for infringements such as violating the processing principles or data subjects' rights; a lower tier of up to €10 million or two percent applies to other infringements, such as failing to implement appropriate security measures or to notify a breach.
As a recent article in CIO magazine states, “In other words, even if you're late to the game with your GDPR compliance program, you should still get started.” U.S. organizations are wise to appoint a representative from their company who will be well-versed in compliance.
From a technology standpoint, compliance may prove to be a tall order, especially around building an inventory of where and how personal data is processed. Organizations will need a firm grasp of:
- How and where they store customer information.
- The strength of their business continuity program:
  (A) In the event of a natural disaster or human error, how good are your backup systems, and how quickly can you restore access to personal data?
  (B) How well are your processes around data storage and processing documented?
- How well they onboard and continue to train employees in network and data security.
Companies that invest in their data security may still have work to do to be fully compliant with new regulations, but they will be positioned well to adapt. Does your organization want to ensure it is stewarding its data responsibly? Schedule your free IT assessment today.