This post is also available in: German
Have you started preparing for GDPR compliance? If not, it’s time to get up to speed on what you need to do. Otherwise you expose your organization to a potentially significant financial penalty. The General Data Protection Regulation is the EU’s new law designed to protect personal data privacy in our always-online world. It was four years in the making and it applies to any EU or non-EU organization that collects or processes personal data. The effort required to comply will vary, depending on the data infrastructures and processes you already have in place.
But ignoring it isn’t an option. Here’s why:
7 key facts about GDPR
- It comes into effect on May 28th 2018. That’s not much more than 6 months away, so if you haven’t started working on your compliance, you need to do so now!
- It affects everyone. That means private and public sector organizations of all kinds, whether inside or outside the EU.
- Privacy, guaranteed. You must be able to guarantee the safety of all the private data you collect and/or process – or face the (serious!) consequences..
- Hire a specialist! Or recruit a Data Protection Officer to ensure full compliance.
- Your customers have more power. They will be legally able to exert more influence on the data you hold about them – including forcing you to delete it, and prove you have done so.
- Cover ups are not an option. You must report a breach within 72 hours, or the consequences will become much more serious when the truth emerges.
- Failure to comply will be expensive. Breaches will cost 4% of your global turnover or €20 million – and the lowest number won’t be the one you pay….
How to get started with GDPR Compliance?
A full analysis of GDPR compliance strategies is beyond the scope of a short blog post. But here are some suggestions about where to start:
- Make people aware. Use workshops, newsletters, meetings or other communications channels to make sure everyone in your organization is aware of what GDPR is and why it’s so important.
- Do an audit. Make sure you know what data you have, where it came from, where it is now, and who has access to it.
- You need to ensure the data is protected. Consult with your IT team and/or external partners about what changes need to be made to guarantee protection.
- Ensure you can provide every customer with a copy of their data on request. Also make sure you can prove that you deleted it if they ask you to.
- Consider every element of your infrastructure, including all end devices and communication channels in your compliance strategy.
Of course, at Matrix42 we are also taking steps to ensure our solutions help our customers ensure GDPR compliance. Feel free to contact me for more information!