GDPR: 7 ways your organisation can ready itself ahead of the 2018 deadline

Author: Kev Jefcoate – iStorage Limited

The General Data Protection Regulation (GDPR), a major regulatory development four years of discussion and debate in the making, was officially approved by the European Parliament in April 2016. The regulation aims to create stronger data protection laws within the UK and Europe, with the intention of making the region the safest in the world in terms of data protection. GDPR will replace the Data Protection Act (DPA), and the consequences of failing to protect data will become much greater.

Under the DPA, the maximum fine for breaches is currently £500,000, but this will increase to 20 million euros or 4% of global turnover, whichever is greater. GDPR requires all public and private sector organisations that hold personal data across the 28 EU member countries to comply with the regulation.

GDPR will have a direct legal effect throughout the EU, enforced by national data protection authorities and courts, without requiring transposition into national legislation. Organisations, businesses and institutions will need to take action to implement effective compliance measures. Key activities will include end-to-end process reviews, adjustment or amendment of relevant controls and re-alignment of risk profiles.

Decision-makers and others in roles of responsibility need to understand the implications of GDPR and recognise that any potential business compliance issues must be ironed out as soon as possible. Ensuring an organisation is compliant can put a burden on company resources, especially for those with larger or more complex infrastructures. To stay ahead of regulatory commitments and avoid costly, last-minute structural changes, it is essential that plans to adhere to GDPR are agreed and put into place well ahead of the May 2018 deadline.

There are seven key steps your organisation can put into place on the route to compliance:

  • Update policies – this should demonstrate the new obligations and ensure that any reporting systems are outlined
  • Appoint a Data Protection Officer (DPO) – this is mandatory for all organisations with more than 250 employees
  • Report effectively – a system should be put in place that ensures any breaches of unencrypted data are reported within 72 hours
  • Encrypt everything – defend against a breach by making data unreadable or in an inaccessible state using unbreakable encryption
  • Keep records – data controllers should keep internal records as to how data is processed as evidence and to monitor compliance
  • Obtain written consent – the parent/guardian of any child under the age of 16 should be notified and consent given before processing personal data
  • Respond quickly – ensure that any requests from individuals in relation to the handling of their personal data are dealt with efficiently and pro-actively

GDPR will come into effect on 25th May 2018 and there is much to do before then, especially for those businesses that have not previously been directly subject to EU privacy law.

iStorage, a trusted global leader in PIN-protected, hardware-encrypted data storage devices, will be supporting businesses with consultancy around GDPR and with its wide range of award-winning USB flash drives and hard drives. Learn more at Infosecurity Europe, Europe’s largest information security industry event, London, 7-9 June 2016, Stand B85.